English
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes instantly.
Last updated
—————A hash generator computes a *hash* — a short, fixed-length fingerprint of some input. The fingerprint changes drastically with even a single-character difference, so hashes are used to verify file integrity, check whether two values are equal without comparing them in full, build content-addressable systems (Git uses SHA-1/SHA-256), and as building blocks inside larger security protocols.
A good cryptographic hash function has three properties: it is *deterministic* (same input → same hash), *one-way* (you can't recover the input from the hash), and *collision-resistant* (it's infeasible to find two inputs with the same hash). Modern algorithms like SHA-256 and SHA-512 satisfy all three; older algorithms like MD5 and SHA-1 are *broken* and should not be used for security-sensitive comparisons.
Hashing is *not* encryption. Encryption is reversible with a key; hashing is one-way by design. Hashing is also *not* a password storage mechanism — passwords need a *password hash* like bcrypt, scrypt, or Argon2, which deliberately makes brute force expensive.
Paste any text — a string, a JSON snippet, a license key. The hash updates as you type.
Choose MD5, SHA-1, SHA-256, SHA-384, or SHA-512. SHA-256 is the safest default for general-purpose checksums.
The hash is shown in lowercase hexadecimal. Toggle uppercase or copy the value to your clipboard.
Paste a known hash (from a download page, a Git commit, a checksum file) and the tool will tell you whether yours matches.
The algorithms you'll see most often, with their output sizes and current security status. SHA-1 is specified in RFC 3174; the SHA-2 family is in NIST FIPS 180-4.
| Algorithm | Output size | Status / where you see it |
|---|---|---|
| MD5 | 128 bits / 32 hex chars | Broken — only OK for non-security checksums |
| SHA-1 | 160 bits / 40 hex chars | Broken — Git history, legacy systems only |
| SHA-256 | 256 bits / 64 hex chars | Standard — TLS, Git modern, blockchain |
| SHA-384 | 384 bits / 96 hex chars | Used in TLS suites that prefer SHA-2 family |
| SHA-512 | 512 bits / 128 hex chars | Strong — sometimes faster than SHA-256 on 64-bit hardware |
| bcrypt / scrypt / Argon2 | varies | *Password* hashes — use these for passwords, not SHA-x |
hello world
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Hello world
4ae7c3b6ac0beff671efa8cf57386151c06e58ca53a78d83f36107316cec125f
One capital letter completely changes the hash. That's the *avalanche effect* — the property that makes hashes useful for change detection.
SHA256: 3a7bd3e2360a3d290dd0b1aef6a04e9b… ubuntu.isoCompute SHA-256 of the file you downloaded; compare it to the publisher's value. Match means the file wasn't corrupted in transit or tampered with.
Downloads of OS images, language runtimes, and signed releases routinely publish a SHA-256 next to the file. Always check before installing.
user@example.com
b58996c504c5638798eb6b511e6f49af
Gravatar uses MD5(email) as an avatar key. MD5 is OK for that — a non-secret identifier — but never use it where collisions or pre-image attacks would matter.
== after manipulating one of the strings. Trim whitespace and normalize case before comparing.