Hash Generator Online: MD5, SHA-1, SHA-256 & SHA-512
Paste text and get its MD5, SHA-1, SHA-256, SHA-384, or SHA-512 hex digest instantly. Free, no sign-up, and computed 100% in your browser — your data is never uploaded.
Hash will appear here...
Hashes as You Type
Lowercase hex digest updates on every keystroke. Copy it or download a .txt file.
Five Algorithms
MD5 (32 chars), SHA-1 (40), SHA-256 (64), SHA-384 (96), and SHA-512 (128).
Nothing Leaves Your Browser
SHA hashes use the native Web Crypto API. No upload, no account, no logs.
Hash Generator: MD5, SHA-1, SHA-256, SHA-384 & SHA-512
A hash generator turns any text into a fixed-length hex digest — a one-way fingerprint of your input. Paste text above, pick an algorithm, and the lowercase hex hash appears instantly: 32 characters for MD5, 40 for SHA-1, 64 for SHA-256, 96 for SHA-384, and 128 for SHA-512. It is free, needs no sign-up, and runs entirely in your browser.
How to generate a hash
- Type or paste your text into the Text Input box. The character counter below it confirms what was captured, including trailing spaces and newlines.
- Pick an algorithm from the selector. SHA-256 is the safe default; switch to MD5 or SHA-1 only for legacy checksums.
- Read the hex digest in the Hash Output panel. It recalculates on every keystroke, and the header shows the exact hash length in characters.
- Click Copy to put the digest on your clipboard, or the download icon to save it as
toolk-hash-{algorithm}.txt. - To verify a checksum, compare the output to the publisher's value character by character — a single mismatch means the data changed.
What is a cryptographic hash, and how does it work?
A cryptographic hash function maps an input of any size to a fixed-length output called a digest. Three properties define it: it is deterministic (the same input always yields the same digest), one-way (you cannot run it backward to recover the input), and it shows the avalanche effect (flipping one input bit changes about half the output bits). The SHA-2 family here is standardized by NIST in FIPS 180-4, the Secure Hash Standard.
This tool computes SHA-1, SHA-256, SHA-384, and SHA-512 with the browser-native Web Crypto API crypto.subtle.digest(). Your text is encoded to UTF-8 bytes via TextEncoder, hashed, then formatted as lowercase hex. Note that hashing is not encryption: encryption is reversible with a key, while a hash has no decrypt step. Read more in our developer guides on the Toolk blog.
Worked examples
Paste these exact inputs to reproduce the digests below. The empty-string hashes are well-known constants you can use to confirm any hasher is wired correctly.
| Input | Algorithm | Hex digest |
|---|---|---|
| (empty string) | SHA-256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| (empty string) | MD5 | d41d8cd98f00b204e9800998ecf8427e |
| The quick brown fox jumps over the lazy dog | MD5 | 9e107d9d372bb6826bd81d3542a419d6 |
Failing edge case — the avalanche effect: adding a single period to make "The quick brown fox jumps over the lazy dog." does not nudge the MD5 digest — it rewrites it completely to e4d909c290d0fb1ca068ffaddf22cbd0. Two near-identical inputs share zero visual similarity in their hashes, which is exactly why partial matching never works.
Algorithm reference: length, status & use case
Pick by security need, not habit. MD5 and SHA-1 are fast but broken for any security use. SHA-256 is the modern default.
| Algorithm | Digest size | Security status | Use it for |
|---|---|---|---|
| SHA-256 | 256-bit / 64 hex | Secure (default) | TLS certificates, blockchain, signatures, checksums |
| SHA-512 | 512-bit / 128 hex | Secure | High-assurance signatures; faster on 64-bit CPUs |
| SHA-384 | 384-bit / 96 hex | Secure | Truncated SHA-512; TLS cipher suites |
| SHA-1 | 160-bit / 40 hex | Broken (2017) | Legacy Git object IDs only — never for security |
| MD5 | 128-bit / 32 hex | Broken (2004) | Non-security checksums and cache keys only |
Collisions are real, not theoretical. In 2017 the SHAttered attack by CWI Amsterdam and Google produced two distinct PDFs with the same SHA-1 digest using roughly 9.2 quintillion hash computations; MD5 collisions were demonstrated by Wang et al. back in 2004.
Why Web Crypto skips MD5 — and how this tool stays consistent
Here is a detail that trips up cross-tool verification. The Web Crypto API does not support MD5 at all — it was deliberately left out because the algorithm is broken — so this tool runs MD5 in pure JavaScript. Both the MD5 and the SHA paths hash the UTF-8 byte stream of your input (via TextEncoder), so identical characters always produce identical digests.
Because the input is UTF-8 encoded before hashing, this MD5 matches any standard server-side UTF-8 MD5 (PHP md5(), Python hashlib, OpenSSL) for both plain ASCII and non-ASCII text — an emoji, "café", or CJK characters all hash identically. MD5 itself remains cryptographically broken (collisions since 2004), so use it only for checksums and cache keys — never for security, where SHA-256 is the right choice.
Privacy: it all runs on your device
Runs 100% in your browser — your data never leaves your device. No uploads. We hashed everything from empty strings and single emoji up to multi-megabyte pasted text; the SHA digests come straight from your browser's audited crypto engine, and nothing is logged. Because there is no server round-trip, you can hash API secrets, tokens, and config values without them ever touching a network.
Related security & developer tools
Keyed hashes for API signing
Password GeneratorCreate high-entropy secrets
Password Strength MeterScore a password's entropy
UUID GeneratorBuild unique identifiers
JWT DecoderInspect HS256/RS256 tokens
Base64 EncoderEncode binary as text
Base64 DecoderDecode Base64 back to text
URL EncoderPercent-encode query strings
Number Base ConverterConvert hex, binary & decimal
JSON FormatterBeautify payloads before hashing
Last updated: May 18, 2026. Digests verified against FIPS 180-4 test vectors and the browser Web Crypto API.
Need a different tool?
Browse all 89 free, in-browser tools — or tell us what we should build next.