Tools/Security/Hash Generator

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files. Auto-hashes as you type.

Input Text

Drop a file here or click to upload

Hash Comparison

Expected Hash

Actual Hash

All Hashes

MD5 (128-bit)

SHA-1 (160-bit)

SHA-256 (256-bit)

SHA-512 (512-bit)

Related Tools

JWT Decoder

Decode and inspect JSON Web Tokens

Password Strength Checker

Test password strength and get improvement tips

Base64 Encode / Decode

Encode or decode Base64 strings

Which hash should you use?

AlgorithmOutputStill safe?Use for
MD5128 bits❌ broken (collisions demonstrated)Legacy only. File deduplication where adversaries aren't in scope.
SHA-1160 bits❌ broken (2017 SHAttered)Legacy. Git uses it but is migrating to SHA-256.
SHA-256256 bits✅ safeGeneral-purpose cryptographic hash. Bitcoin, TLS, file integrity.
SHA-512512 bits✅ safeFaster than SHA-256 on 64-bit CPUs, same security.
SHA-3variable✅ safeNew Keccak-based standard. Rarely needed over SHA-256.
BLAKE3256 bits✅ safeMuch faster than SHA-256. Great for file hashing.
bcrypt / scrypt / Argon2variable✅ safe for passwordsPassword hashing only. Deliberately slow + salted.

Never use MD5, SHA-1, or even plain SHA-256 for passwords. Use Argon2id (best), bcrypt (widely supported), or scrypt. They're intentionally slow — a GPU farm can compute 10 billion SHA-256s per second but only a few thousand bcrypts per second.

Common use cases

  • File integrity — SHA-256 the downloaded file, compare to the publisher's listed hash. If they match, the file wasn't corrupted or tampered with.
  • Deduplication — S3, Git LFS, deduped backups all use content-addressable storage: hash is the key.
  • Digital signatures — sign the hash of a document, not the document itself (public-key crypto on 256 bits is fast; on a 100MB PDF is slow).
  • Password storage — bcrypt/Argon2 specifically. Never plain hash functions.
  • HMAC — keyed hash for message authentication. HMAC(key, message) proves the message wasn't tampered with + came from someone with the key.
  • Content-addressable cache — Docker layers, npm packages, webpack bundles identified by hash.

Frequently Asked Questions

What is a hash function?

A hash function takes input data of any size and produces a fixed-size output (hash). It's one-way — you cannot reverse a hash to get the original data.

Which hash algorithm should I use?

SHA-256 is recommended for most purposes. MD5 and SHA-1 are considered broken for security use but still useful for checksums. SHA-512 provides extra security margin.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to verify both data integrity and authenticity. HMAC-SHA256 is commonly used in API authentication.

Related Developer Tools

JWT Decoder Decode and verify JSON Web Tokens.
SSL / TLS Checker Verify certificates and expiry.
Security Headers Scan HTTP security headers A–F.
CSP Evaluator Analyze Content Security Policy.
CORS Tester Debug Cross-Origin policy.
Cert Decoder Decode PEM / X.509 certificates.

Smarter quality checks. Faster deployments.
Better apps.

Legal
Privacy Policy Terms & Conditions
Company
About Contact
Get in touch

email contact@webority.com

Follow us

Copyright © 2026 BuildStudio. All rights reserved.

Designed and Developed by Webority Technologies

Copied to clipboard