What is a hash function?

A hash function is a mathematical algorithm that converts input data into a fixed-size string of characters. The same input always produces the same output, but even small changes create completely different hashes.

Which hash algorithm should I use?

For security purposes, use SHA-256 or SHA-512. MD5 and SHA-1 are considered cryptographically broken for security but are still used for checksums and non-security purposes.

← Tools

Security

Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text. Uses the browser's native Web Crypto API.

Input Text0 chars

SHA-256 Hash0 chars

About Hash Functions

A cryptographic hash function maps input of any size to a fixed-size digest. It is deterministic (same input → same output), fast to compute, and practically impossible to reverse. This tool uses the browser's SubtleCrypto.digest() API — no data ever leaves your device.

Even a single character change completely changes the output — this is the avalanche effect. Read more: Hash Algorithms Guide: MD5, SHA-1, SHA-256 and Beyond.

Algorithm Comparison

SHA-1 — 160-bit. Deprecated for security, still used in Git
SHA-256 — 256-bit. Recommended for most uses
SHA-384 — 384-bit. Higher security margin
SHA-512 — 512-bit. Maximum security, larger output

Common Use Cases

File integrity — verify a download is unmodified
Password storage — store salted hashes, not plaintext
Digital signatures — sign the hash, not the full document
Checksums — detect accidental data corruption
Need a random secret to hash? Use the Random String Generator

Frequently Asked Questions

Can I reverse a hash?

No — hash functions are one-way. You cannot reverse a hash to get the original input. Attackers use rainbow tables (precomputed hash databases) against weak or unsalted hashes.

Should I use SHA-1?

Not for security-sensitive applications. SHA-1 collision attacks have been demonstrated. Use SHA-256 or higher for new projects.

Why not MD5?

MD5 is not available in the browser's Web Crypto API because it is cryptographically broken. For legacy MD5 support, use a dedicated JS library.

How to hash passwords safely?

Don't use raw SHA hashes for passwords. Use bcrypt, scrypt, or Argon2 — these are slow by design, making brute-force attacks expensive.