Skip to main content

Hash Generator Online: MD5, SHA-1, SHA-256 & SHA-512

Paste text and get its MD5, SHA-1, SHA-256, SHA-384, or SHA-512 hex digest instantly. Free, no sign-up, and computed 100% in your browser — your data is never uploaded.

Algorithm:
Text Input
0 characters
Algorithm
SHA-256
Hash Length
0 chars
Hash Output

Hash will appear here...

Hashes as You Type

Lowercase hex digest updates on every keystroke. Copy it or download a .txt file.

Five Algorithms

MD5 (32 chars), SHA-1 (40), SHA-256 (64), SHA-384 (96), and SHA-512 (128).

Nothing Leaves Your Browser

SHA hashes use the native Web Crypto API. No upload, no account, no logs.

Security: High-Performance Web Crypto API
Privacy: 100% Private Local Processing

Hash Generator: MD5, SHA-1, SHA-256, SHA-384 & SHA-512

A hash generator turns any text into a fixed-length hex digest — a one-way fingerprint of your input. Paste text above, pick an algorithm, and the lowercase hex hash appears instantly: 32 characters for MD5, 40 for SHA-1, 64 for SHA-256, 96 for SHA-384, and 128 for SHA-512. It is free, needs no sign-up, and runs entirely in your browser.

How to generate a hash

  1. Type or paste your text into the Text Input box. The character counter below it confirms what was captured, including trailing spaces and newlines.
  2. Pick an algorithm from the selector. SHA-256 is the safe default; switch to MD5 or SHA-1 only for legacy checksums.
  3. Read the hex digest in the Hash Output panel. It recalculates on every keystroke, and the header shows the exact hash length in characters.
  4. Click Copy to put the digest on your clipboard, or the download icon to save it as toolk-hash-{algorithm}.txt.
  5. To verify a checksum, compare the output to the publisher's value character by character — a single mismatch means the data changed.

What is a cryptographic hash, and how does it work?

A cryptographic hash function maps an input of any size to a fixed-length output called a digest. Three properties define it: it is deterministic (the same input always yields the same digest), one-way (you cannot run it backward to recover the input), and it shows the avalanche effect (flipping one input bit changes about half the output bits). The SHA-2 family here is standardized by NIST in FIPS 180-4, the Secure Hash Standard.

This tool computes SHA-1, SHA-256, SHA-384, and SHA-512 with the browser-native Web Crypto API crypto.subtle.digest(). Your text is encoded to UTF-8 bytes via TextEncoder, hashed, then formatted as lowercase hex. Note that hashing is not encryption: encryption is reversible with a key, while a hash has no decrypt step. Read more in our developer guides on the Toolk blog.

Worked examples

Paste these exact inputs to reproduce the digests below. The empty-string hashes are well-known constants you can use to confirm any hasher is wired correctly.

InputAlgorithmHex digest
(empty string)SHA-256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(empty string)MD5d41d8cd98f00b204e9800998ecf8427e
The quick brown fox jumps over the lazy dogMD59e107d9d372bb6826bd81d3542a419d6

Failing edge case — the avalanche effect: adding a single period to make "The quick brown fox jumps over the lazy dog." does not nudge the MD5 digest — it rewrites it completely to e4d909c290d0fb1ca068ffaddf22cbd0. Two near-identical inputs share zero visual similarity in their hashes, which is exactly why partial matching never works.

Algorithm reference: length, status & use case

Pick by security need, not habit. MD5 and SHA-1 are fast but broken for any security use. SHA-256 is the modern default.

AlgorithmDigest sizeSecurity statusUse it for
SHA-256256-bit / 64 hexSecure (default)TLS certificates, blockchain, signatures, checksums
SHA-512512-bit / 128 hexSecureHigh-assurance signatures; faster on 64-bit CPUs
SHA-384384-bit / 96 hexSecureTruncated SHA-512; TLS cipher suites
SHA-1160-bit / 40 hexBroken (2017)Legacy Git object IDs only — never for security
MD5128-bit / 32 hexBroken (2004)Non-security checksums and cache keys only

Collisions are real, not theoretical. In 2017 the SHAttered attack by CWI Amsterdam and Google produced two distinct PDFs with the same SHA-1 digest using roughly 9.2 quintillion hash computations; MD5 collisions were demonstrated by Wang et al. back in 2004.

Why Web Crypto skips MD5 — and how this tool stays consistent

Here is a detail that trips up cross-tool verification. The Web Crypto API does not support MD5 at all — it was deliberately left out because the algorithm is broken — so this tool runs MD5 in pure JavaScript. Both the MD5 and the SHA paths hash the UTF-8 byte stream of your input (via TextEncoder), so identical characters always produce identical digests.

Because the input is UTF-8 encoded before hashing, this MD5 matches any standard server-side UTF-8 MD5 (PHP md5(), Python hashlib, OpenSSL) for both plain ASCII and non-ASCII text — an emoji, "café", or CJK characters all hash identically. MD5 itself remains cryptographically broken (collisions since 2004), so use it only for checksums and cache keys — never for security, where SHA-256 is the right choice.

Privacy: it all runs on your device

Runs 100% in your browser — your data never leaves your device. No uploads. We hashed everything from empty strings and single emoji up to multi-megabyte pasted text; the SHA digests come straight from your browser's audited crypto engine, and nothing is logged. Because there is no server round-trip, you can hash API secrets, tokens, and config values without them ever touching a network.

Last updated: May 18, 2026. Digests verified against FIPS 180-4 test vectors and the browser Web Crypto API.

Need a different tool?

Browse all 89 free, in-browser tools — or tell us what we should build next.

Browse all tools