Free Hash Generator — MD5, SHA-1, SHA-256, SHA-512 Online
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or files instantly. All five algorithms run simultaneously — see every hash at once. Compare hashes to verify file integrity, generate HMAC signatures with a secret key, and toggle between uppercase and lowercase output. Free, no signup, everything runs in your browser.
Five Algorithms, One Tool — All Hashes at Once
No need to switch between tools or run each algorithm separately. Type or paste text and get all five hashes instantly.
5 Algorithms Simultaneously
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 all computed at once. Copy individual hashes or all five with one click.
File Checksums
Drop any file to generate checksums. Verify downloads by comparing against the publisher's hash. No file size limit — runs locally.
HMAC Mode
Generate keyed hashes (HMAC) with a secret key for API authentication, webhook verification, and JWT signing.
Compare Hash
Paste a hash to check it against all generated values. Instantly know if your file or text matches the expected checksum.
Case Toggle
Switch between lowercase and UPPERCASE hex output to match whatever format your system expects.
100% Client-Side
Uses the Web Crypto API for SHA hashes. Your text and files never leave your device. Works offline as a PWA.
How to Use the Hash Generator
1. Enter text or drop a file. Type or paste text into the input field — hashes generate in real time as you type. Or drop a file (any format, any size) to generate file checksums.
2. Copy the hash you need. Click Copy next to any algorithm to copy that hash to your clipboard. Click Copy All to get all five hashes on separate lines.
3. Verify with Compare. Enable Compare Hash mode and paste a known hash. The tool highlights which algorithm matches, confirming your data is identical to the source.
4. Use HMAC for keyed hashes. Enable HMAC Mode, enter your secret key, and the tool generates HMAC versions of all five algorithms. Use these for API signatures and webhook verification.
Hash Algorithm Comparison
Each algorithm produces a different length output. Longer hashes provide more collision resistance but are slower to compute.
| Algorithm | Output | Hex Length | Status |
|---|---|---|---|
| MD5 | 128 bits | 32 chars | Broken — legacy only |
| SHA-1 | 160 bits | 40 chars | Deprecated |
| SHA-256 | 256 bits | 64 chars | Recommended |
| SHA-384 | 384 bits | 96 chars | Secure |
| SHA-512 | 512 bits | 128 chars | Secure |
When to Use a Hash Generator
Verifying downloads: Software publishers provide SHA-256 checksums for their downloads. Generate the hash of your downloaded file and compare it to the published value to ensure the file was not corrupted or tampered with during transfer.
API authentication: Many APIs (Stripe, GitHub, Shopify) sign webhooks with HMAC-SHA256. Use HMAC mode to compute the expected signature and compare it to the one received in the webhook header.
Data deduplication: Hash files or content to generate unique identifiers. If two files produce the same SHA-256 hash, they are identical — no need to compare byte-by-byte.
Content integrity: Store a SHA-256 hash alongside important documents. Recompute the hash later to verify the document has not been modified.
Legacy system compatibility: Some older systems still require MD5 or SHA-1 hashes. Generate these alongside modern SHA-256 hashes to support both old and new workflows.
Frequently Asked Questions
What is a hash and what is it used for?
A hash is a fixed-length string generated from input data using a mathematical algorithm. The same input always produces the same hash, but you cannot reverse a hash to recover the original input. Hashes are used for data integrity verification (checking if a file has been altered), password storage (storing hashes instead of plain-text passwords), digital signatures, and checksums for downloads.
What algorithms does this tool support?
This tool generates MD5 (128-bit), SHA-1 (160-bit), SHA-256 (256-bit), SHA-384 (384-bit), and SHA-512 (512-bit) hashes simultaneously. SHA-256 and SHA-512 are part of the SHA-2 family and are the current industry standard. MD5 and SHA-1 are included for legacy compatibility but should not be used for security-critical applications.
What is the difference between MD5, SHA-1, and SHA-256?
MD5 produces a 32-character hex string and is fast but cryptographically broken — collisions can be created easily. SHA-1 produces a 40-character hex string and is also deprecated for security. SHA-256 produces a 64-character hex string and is currently secure — it is used in Bitcoin, TLS certificates, and most modern security applications. SHA-512 produces a 128-character hex string and offers an even larger output.
How do I verify a file checksum?
Drop or select a file using the file upload area. The tool generates all five hash algorithms for the file. Then enable Compare Hash mode, paste the checksum provided by the file's publisher, and the tool will tell you if it matches any of the generated hashes. A match confirms the file has not been altered.
What is HMAC and when should I use it?
HMAC (Hash-based Message Authentication Code) combines a secret key with the hash function to produce a keyed hash. It verifies both data integrity and authenticity — only someone with the secret key can produce the same HMAC. Use HMAC for API authentication, webhook signature verification, JWT signing, and any scenario where you need to prove a message has not been tampered with.
How does HMAC differ from a regular hash?
A regular hash only proves data integrity — anyone can compute it. HMAC adds a secret key, so only parties who know the key can produce or verify the hash. This prevents an attacker from modifying the data and recomputing the hash. HMAC also protects against length extension attacks that affect plain SHA-256.
Is MD5 still safe to use?
Not for security. MD5 collisions have been demonstrated since 2004, meaning two different inputs can produce the same hash. It should not be used for password hashing, digital signatures, or certificate validation. MD5 is still acceptable for non-security uses like cache keys, content-addressable storage, and quick file deduplication where collision attacks are not a concern.
Can I hash a large file?
Yes. File hashing runs entirely in your browser using the Web Crypto API. Performance depends on your device — modern browsers can hash files of several hundred MB in seconds. For very large files (1 GB+), there may be a brief delay. No file data is uploaded to any server.
What is the uppercase/lowercase toggle for?
Hash values are hexadecimal strings that can be displayed in either case. Some tools and systems use uppercase (A-F) while others use lowercase (a-f). The toggle lets you match whichever format your target system expects. Both representations are identical — they encode the same bytes.
Is my data sent to a server?
No. All hashing runs entirely in your browser using the Web Crypto API (for SHA algorithms) and a JavaScript MD5 implementation. Your text and files never leave your device. The tool works offline as a PWA.
How does Compare Hash mode work?
Paste any hash into the Compare field. The tool checks it against all generated hashes (both text and file) and tells you which algorithm matches. If no match is found, either the input data differs or the hash was generated with a different algorithm. The comparison is case-insensitive.
What hash algorithm should I use for passwords?
None of these directly. For password storage, use bcrypt, scrypt, or Argon2 — specialized algorithms designed to be slow and memory-hard. SHA-256 and MD5 are too fast for passwords, making them vulnerable to brute-force attacks. This tool is for checksums, data integrity, and HMAC — not password hashing.
More Free Developer Tools
Generate hashes here, then encode strings, test regex, format JSON, compare text, and more with our other free tools.