Text & dev
Hash Generator
Type or paste text and instantly compute its cryptographic hashes: SHA-1, SHA-256, SHA-384 and SHA-512, all shown as lowercase hexadecimal. A hash is a fixed-length fingerprint of your input — change even one character and the entire result changes — which makes hashes ideal for verifying file integrity, comparing values without revealing them, generating cache keys and checking download checksums. This tool uses your browser's native crypto.subtle.digest from the Web Crypto API, so the numbers it produces match what any standards-compliant library or command-line tool would give. SHA-256 is the recommended general-purpose choice today; SHA-1 is included for compatibility but is no longer considered secure against deliberate collisions. Everything is computed locally — your text never leaves the page.
Your text
—
—
—
—
Computed with the native Web Crypto API (crypto.subtle.digest) over the UTF-8 bytes of your text. Empty input shows the hash of an empty string.
How the hash generator works
When you type, the tool encodes your text into UTF-8 bytes with TextEncoder and passes those bytes to crypto.subtle.digest for each algorithm. The API returns a raw byte buffer, which the tool converts to a lowercase hexadecimal string — two hex characters per byte. Because hashing is deterministic, the same input always produces the same output, and any change to the input produces a completely different hash.
Output sizes
SHA-1 → 160 bits → 40 hex characters SHA-256 → 256 bits → 64 hex characters SHA-384 → 384 bits → 96 hex characters SHA-512 → 512 bits → 128 hex charactersExample: SHA-256 of "abc" is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad.
Notes & assumptions
- MD5 is intentionally omitted — it is not offered by the Web Crypto API and is broken for security.
- SHA-1 is shown for legacy compatibility only; do not rely on it for security.
- Hashing is one-way: you cannot recover the original text from a hash.
Frequently asked questions
Which hash should I use — SHA-256 or SHA-512?
For almost everything, SHA-256 is the right default: it is fast, widely supported and considered secure. SHA-512 produces a longer digest and can be faster on 64-bit hardware for large inputs, so it is a fine choice when you specifically want a 512-bit value. Avoid SHA-1 for anything security-related, since practical collision attacks against it exist. Use SHA-384 or SHA-512 when a standard or protocol explicitly requires them.
Why is there no MD5 option?
MD5 is cryptographically broken — attackers can produce two different inputs with the same MD5 hash quite cheaply — and the browser's Web Crypto API deliberately does not offer it. Adding MD5 would require bundling third-party code, which would break this tool's zero-dependency, fully-local design. For checksums and security you should use SHA-256 or stronger anyway, so MD5 is omitted on purpose.
Can I get the original text back from a hash?
No. Cryptographic hashing is a one-way function: it deterministically maps any input to a fixed-length fingerprint, but there is no reverse operation. The only way to "crack" a hash is to guess inputs and hash them until one matches, which is why hashes are used to verify data without storing or revealing it. This tool only computes hashes; it cannot reverse them.
Will these hashes match my command line or library?
Yes, as long as the input bytes are identical. This tool hashes the UTF-8 encoding of your text, which is what tools like sha256sum, OpenSSL and most programming libraries use by default for UTF-8 text. A classic check: the SHA-256 of "abc" is ba7816bf…f20015ad, matching every standards-compliant implementation. Differences usually come from trailing newlines or different character encodings.
Is my text uploaded anywhere?
No. All hashing happens in your browser through the native Web Crypto API, with no network requests. Your text is never sent to a server, stored or logged, so you can safely hash passwords, secrets or private documents to compare fingerprints. Close the tab and nothing is retained anywhere.