Ad
DevToolXDevToolX

Hash Generator

Calculate MD5, SHA-1, SHA-256, SHA-512 hashes

About Hash Generator

A cryptographic hash function takes an arbitrary-length input and produces a fixed-length digest. This tool computes MD5, SHA-1, SHA-256, SHA-512 and related digests entirely in the browser — your text never leaves your machine. Common uses include verifying file integrity against published checksums, generating HTTP ETags, and producing content-addressed identifiers for cache busting.

Common Use Cases

Verify file or payload integrity
Compare the SHA-256 digest of a downloaded file against the checksum published by the vendor to confirm the file was not corrupted or tampered with in transit.
Generate HTTP ETags
Hash the response body and use the digest as an ETag header value. Clients can send If-None-Match on subsequent requests; if the hash matches, return 304 Not Modified and skip the payload.
Cache-busting content hashes
Build a short hash of a CSS or JS file's content and append it to the filename (main.a3f92b.js). Browsers cache aggressively and only re-download when the hash — and thus the content — changes.
Content-addressable identifiers
Use a hash of the content as its storage key so identical inputs always resolve to the same address — the basis of Git's object store, IPFS, and many deduplication systems.

Frequently Asked Questions

Can I use MD5 or SHA-1 for password storage?

No — and this is critical. MD5 and SHA-1 are broken for collision resistance and are far too fast for password hashing; an attacker with a GPU can try billions per second. Always use a slow, salted password-hashing algorithm: bcrypt, scrypt, or Argon2. Never store passwords with a generic hash function, regardless of whether you add a salt.

What is the difference between hashing and encryption?

Hashing is one-way: given the digest you cannot recover the original input (without brute force). Encryption is reversible: with the correct key you can decrypt ciphertext back to plaintext. Use hashing for integrity and identity; use encryption when you need to retrieve the original data.

Why add a salt, and how?

A salt is a random value prepended or appended to the input before hashing. It ensures two users with the same password produce different digests, defeating precomputed rainbow-table attacks. Password-hashing libraries (bcrypt, Argon2) handle salt generation and storage automatically — do not implement this yourself.

When should I use HMAC instead of a plain hash?

When you need to verify both the integrity and the authenticity of a message and both parties share a secret key. HMAC mixes the key into the hash so an attacker who does not know the key cannot forge a valid digest. Use HMAC for API request signing, webhook verification, and cookie integrity.

SHA-256 or SHA-3?

SHA-256 (part of the SHA-2 family) is the pragmatic choice: widely supported, hardware-accelerated on most CPUs, and not known to be broken. SHA-3 uses a different mathematical construction (Keccak sponge) and is a good hedge if SHA-2 were ever broken, but in practice either is fine for integrity checks.

Related Tools

UUID Generator
Generate UUID v4 in bulk
Base64 Encoder/Decoder
Encode text to Base64 or decode Base64 to text
Base64 Image Converter
Convert between images and Base64 strings with format support
URL Encoder/Decoder
Encode or decode URL strings