Hash Generator
Generate MD5, SHA-1, SHA-256 and SHA-512 hashes
How to use Hash Generator
Generate MD5, SHA-1, SHA-256 and SHA-512 hashes from any text. Instant results. Free online cryptographic hash generator tool.
What are cryptographic hashes used for?
A hash function takes any input and produces a fixed-length string (the digest) that uniquely represents that input. Even a single character change produces a completely different hash — this property makes hashes essential for data integrity and security.
- File integrity verification: Software downloads include a SHA-256 hash. After downloading, compute the hash of your file and compare — a mismatch means the file was corrupted or tampered with.
- Password storage: Websites never store plain-text passwords. They store the hash of the password (ideally with bcrypt or Argon2 — not MD5). At login, the submitted password is hashed and compared to the stored hash.
- Deduplication: Hash file contents to detect duplicates without comparing byte-by-byte. Files with identical hashes are identical — regardless of filename.
- Git version control: Every Git commit, file, and tree object is identified by a SHA-1 hash (transitioning to SHA-256). The commit hash uniquely identifies the exact state of code at that point in time.
- Digital signatures: Sign the hash of a document (not the document itself) — faster and mathematically equivalent. The signature verifies both authenticity and integrity.
Speed vs security: MD5 and SHA-1 are fast but cryptographically broken — do not use for security. SHA-256 and SHA-512 are the current standards. For password hashing specifically, use slow algorithms like bcrypt, scrypt, or Argon2 that resist brute-force attacks.
Frequently Asked Questions
What is the difference between MD5, SHA-1, SHA-256, and SHA-512?
MD5 (128-bit) and SHA-1 (160-bit) are fast but have known collision vulnerabilities — two different inputs can produce the same hash. Do not use them for security. SHA-256 (256-bit) and SHA-512 (512-bit) are part of the SHA-2 family — currently secure and widely used. SHA-3 is a newer alternative with a different internal design.
Can a hash be reversed?
No — hash functions are one-way by design. You cannot mathematically recover the input from the output. However, precomputed rainbow tables map common inputs (passwords, words) to their hashes — which is why passwords must be salted (a random value added before hashing) to defeat rainbow table attacks.
What is a hash collision?
A collision occurs when two different inputs produce the same hash. For MD5 and SHA-1, researchers have demonstrated practical collision attacks — meaning two different files can have the same MD5 or SHA-1 hash. This is why these algorithms are considered cryptographically broken for security applications.
What is a salt in password hashing?
A salt is a random value added to the password before hashing: hash(password + salt). Each user gets a unique salt stored alongside their hash. This prevents rainbow table attacks (precomputed hash lookups) and ensures two users with the same password have different stored hashes.
What is the difference between a hash and a checksum?
Both verify data integrity, but checksums (CRC32, Adler-32) are optimized for speed and error detection, not security — they are easy to reverse-engineer or forge. Cryptographic hashes are designed to be collision-resistant and computationally infeasible to reverse. Use checksums for error detection, cryptographic hashes for security.
MD5 vs SHA-1 vs SHA-256 vs bcrypt
MD5: 128-bit, very fast, cryptographically broken — use only for non-security checksums. SHA-1: 160-bit, faster than SHA-256, cryptographically broken — deprecated by major browsers and CAs. SHA-256: 256-bit, secure, the current standard for file integrity and digital signatures. SHA-512: 512-bit, slightly more secure, used when extra margin is needed. bcrypt/Argon2: Deliberately slow — designed specifically for password hashing where speed is a liability, not an asset.