Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 cryptographic hashes from any text — entirely in your browser.

Input Text

Uppercase

Press Ctrl+Enter to generate

What is a Cryptographic Hash?

A cryptographic hash function takes input data of any size and produces a fixed-size output (the hash or digest). The same input always produces the same hash, but even a tiny change in the input produces a completely different hash. Hashes are one-way — you cannot reconstruct the original input from the hash. This makes them useful for verifying data integrity, storing passwords, and digital signatures.

Hash Algorithm Comparison

Algorithm	Output Size	Security	Common Use
SHA-1	160 bits / 40 hex chars	Broken (collision attacks)	Legacy checksums, Git commit IDs
SHA-256	256 bits / 64 hex chars	Strong	SSL/TLS, Bitcoin, file integrity
SHA-384	384 bits / 96 hex chars	Very Strong	TLS certificates, HMAC
SHA-512	512 bits / 128 hex chars	Very Strong	Password hashing schemes, signatures

Common Use Cases

File Integrity Verification

Compare SHA-256 hashes of downloaded files to verify they haven't been tampered with or corrupted.

Password Storage

Store hashed passwords (ideally with bcrypt/argon2) instead of plaintext. SHA-256 alone is not sufficient for passwords.

Digital Signatures

Hash a document, then sign the hash with a private key to create a tamper-evident digital signature.

API Request Signing

HMAC-SHA-256 is used to sign API requests, ensuring the request body hasn't been modified in transit.

Content Addressable Storage

Use content hashes as identifiers in systems like Git, IPFS, and Docker image layers.

Deduplication

Detect duplicate files or data by comparing their hashes without reading full content.

FAQ

Can I use SHA-256 to hash passwords?

Not directly. SHA-256 is too fast for password hashing, making brute-force attacks feasible. Use bcrypt, scrypt, or Argon2 for password storage — these are deliberately slow and include salting.

Why is SHA-1 considered broken?

In 2017, Google published SHAttered — the first practical SHA-1 collision attack. Two different PDF files were produced with the same SHA-1 hash, showing SHA-1 is no longer collision-resistant.

Is this tool safe for sensitive data?

All hashing is performed using the Web Crypto API in your browser. No data is sent to any server. However, avoid hashing truly sensitive data (like passwords) in browser tools.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce an authentication code. It provides both integrity and authentication, unlike a plain hash.

What is a Cryptographic Hash?

Hash Algorithm Comparison

Algorithm	Output Size	Security	Common Use
SHA-1	160 bits / 40 hex chars	Broken (collision attacks)	Legacy checksums, Git commit IDs
SHA-256	256 bits / 64 hex chars	Strong	SSL/TLS, Bitcoin, file integrity
SHA-384	384 bits / 96 hex chars	Very Strong	TLS certificates, HMAC
SHA-512	512 bits / 128 hex chars	Very Strong	Password hashing schemes, signatures

Common Use Cases

File Integrity Verification

Compare SHA-256 hashes of downloaded files to verify they haven't been tampered with or corrupted.

Password Storage

Store hashed passwords (ideally with bcrypt/argon2) instead of plaintext. SHA-256 alone is not sufficient for passwords.

Digital Signatures

Hash a document, then sign the hash with a private key to create a tamper-evident digital signature.

API Request Signing

HMAC-SHA-256 is used to sign API requests, ensuring the request body hasn't been modified in transit.

Content Addressable Storage

Use content hashes as identifiers in systems like Git, IPFS, and Docker image layers.

Deduplication

Detect duplicate files or data by comparing their hashes without reading full content.

FAQ

Can I use SHA-256 to hash passwords?

Not directly. SHA-256 is too fast for password hashing, making brute-force attacks feasible. Use bcrypt, scrypt, or Argon2 for password storage — these are deliberately slow and include salting.

Why is SHA-1 considered broken?

In 2017, Google published SHAttered — the first practical SHA-1 collision attack. Two different PDF files were produced with the same SHA-1 hash, showing SHA-1 is no longer collision-resistant.

Is this tool safe for sensitive data?

All hashing is performed using the Web Crypto API in your browser. No data is sent to any server. However, avoid hashing truly sensitive data (like passwords) in browser tools.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce an authentication code. It provides both integrity and authentication, unlike a plain hash.

Hash Generator

What is a Cryptographic Hash?

Hash Algorithm Comparison

Common Use Cases

File Integrity Verification

Password Storage

Digital Signatures

API Request Signing

Content Addressable Storage

Deduplication

FAQ

Can I use SHA-256 to hash passwords?

Why is SHA-1 considered broken?

Is this tool safe for sensitive data?

What is HMAC?

Related Tools

Hash Generator

What is a Cryptographic Hash?

Hash Algorithm Comparison

Common Use Cases

File Integrity Verification

Password Storage

Digital Signatures

API Request Signing

Content Addressable Storage

Deduplication

FAQ

Can I use SHA-256 to hash passwords?

Why is SHA-1 considered broken?

Is this tool safe for sensitive data?

What is HMAC?

Related Tools