Free tool
Free hash generator
This free hash generator computes MD5, SHA-1, SHA-256, SHA-384, SHA-512, and CRC32 hashes from text or a file — including full file checksums for large files, an HMAC mode for keyed message authentication, and a hash identifier that guesses which algorithm produced a hash you found. Paste text or drop a file, get every hash instantly, and verify a download against a published checksum. Everything runs in your browser, so nothing is ever uploaded to a server.
Hash generator
Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512, and CRC32 hashes — plus HMAC and a hash identifier — from text or a file, entirely in your browser.
Start typing to see live hashes.
Paste the hash you were given (e.g. from a download page) — the algorithm is auto-detected from its length.
Paste a hash you found somewhere and don't recognize — this detects likely algorithm(s) from its length, character set, and prefix (e.g. $2b$ for bcrypt).
Everything runs locally using the Web Crypto API (crypto.subtle.digest / crypto.subtle.sign) for SHA-1/256/384/512 and HMAC, and hand-rolled implementations for MD5 and CRC32. Text and files are never uploaded to a server, so this works offline and keeps your data private.
What is a hash, and what is it used for?
A cryptographic hash function takes any input — a word, a paragraph, or a multi-gigabyte file — and produces a fixed-length string of letters and numbers called a hash (or “digest”, or “checksum”). The same input always produces the exact same hash, and even a one-character change in the input produces a completely different hash. This makes hashing useful for three very different jobs: verifying that a file wasn't corrupted or tampered with, storing passwords without keeping the actual password, and quickly telling two large pieces of data apart without comparing them byte by byte.
A hash is not encryption. Encryption is reversible — you can decrypt ciphertext back into the original data if you have the key. Hashing is one-way: there is no way to reconstruct the original input from its hash. That is exactly what makes hashes useful for integrity checks and password storage — the hash proves the input matches without ever exposing the input itself.
MD5 vs SHA-1 vs SHA-256 vs SHA-384 vs SHA-512 vs CRC32
This tool generates six different algorithms side by side, because each one serves a different purpose depending on what you're protecting against — or whether you're protecting against anything at all:
| Algorithm | Output length | Best for |
|---|---|---|
| MD5 | 128 bits (32 hex chars) | Fast integrity checks, deduplication, non-security checksums. |
| SHA-1 | 160 bits (40 hex chars) | Legacy compatibility (Git blob IDs, older tooling). Avoid for new security use. |
| SHA-256 | 256 bits (64 hex chars) | The modern default — software releases, TLS certificates, blockchain, checksums. |
| SHA-384 | 384 bits (96 hex chars) | A truncated SHA-512 variant used in TLS certificates and some JWT signatures. |
| SHA-512 | 512 bits (128 hex chars) | Maximum collision resistance; often faster than SHA-256 on 64-bit hardware. |
| CRC32 | 32 bits (8 hex chars) | Fast error-detection for zip/gzip and network protocols — not for security. |
If you just need to confirm a file downloaded correctly, any of these will tell you that. If you're protecting something security-sensitive — a password, a code signature, a legal record — use SHA-256, SHA-384, or SHA-512, and treat MD5, SHA-1, and CRC32 as unsuitable.
SHA-384 and CRC32 — a stronger SHA variant, and a checksum built for speed, not security
SHA-384 is part of the same SHA-2 family as SHA-256 and SHA-512 — it's actually computed with the SHA-512 algorithm internally, just with different initial values and a truncated 384-bit output. It shows up most often in TLS cipher suites (e.g. ECDHE-RSA-AES256-GCM-SHA384) and in some JWT signing algorithms (RS384, ES384), where it offers a security margin between SHA-256 and SHA-512 without SHA-512's full 128-character output.
CRC32 is a completely different kind of algorithm, and it does not belong in the same category as the SHA family or MD5. CRC32 is a cyclic redundancy check — it was designed purely to catch accidental corruption (a flipped bit from a bad disk sector, a truncated download, a noisy network link), not to resist a deliberate attacker. It is fast, produces a short 8-character output, and is what you'll see inside .zip and .gzip file headers and in Ethernet frame checksums. Because it's trivial to construct two different inputs with the same CRC32 value on purpose, never use it anywhere a malicious actor might benefit from forging a match — that's a job for SHA-256 or SHA-512.
What is HMAC, and when do you need a secret key?
A plain hash (MD5, SHA-256, etc.) proves that data hasn't changed, but it proves nothing about who produced it — anyone can hash a message and get the same result. HMAC (Hash-based Message Authentication Code) fixes that by mixing a shared secret key into the hashing process. The result is a value that only someone who knows the key could have produced, which is what makes HMAC suitable for authenticating a message, not just checking its integrity.
Turn on “Use secret key (HMAC)” above, enter the shared key, and the tool computes HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 using the browser's native crypto.subtle.sign. MD5 and CRC32 are hidden in HMAC mode because they aren't supported as MAC algorithms by the Web Crypto API and aren't appropriate for this use case.
HMAC shows up constantly in everyday API and webhook work:
- Signing API requests. Many APIs (AWS, payment processors, exchanges) require you to sign each request with HMAC-SHA-256 using your secret API key so the server can confirm the request wasn't tampered with and really came from you.
- Verifying webhook payloads. Services like Stripe and GitHub sign outgoing webhooks with HMAC so your endpoint can confirm the payload actually came from them and wasn't forged by a third party.
- Session and token integrity. JWTs signed with an
HS256/HS384/HS512algorithm are HMAC-signed tokens — this tool lets you compute and sanity-check that signature manually.
Paste your message (text or a file) and your shared secret, and compare the output against the signature you received — a match confirms both the message integrity and that it was signed with the correct key.
Why MD5 is broken for security — but still fine for checksums
MD5 was designed in 1991 and was the internet's default hash for over a decade. It is now considered cryptographically broken. Researchers have demonstrated practical collision attacks — deliberately crafting two different inputs that produce the identical MD5 hash — since 2004, and modern hardware can generate an MD5 collision in seconds. That means an attacker can create a malicious file with the exact same MD5 hash as a legitimate one, which completely defeats MD5 as a security guarantee. The same is true, to a lesser but still serious degree, for SHA-1: Google and CWI Amsterdam published a real SHA-1 collision in 2017 (“SHAttered”), and major browsers and certificate authorities have since retired it.
So MD5 should never be used to hash passwords, sign software, verify certificates, or protect anything where an adversary might want to forge a match. For those cases, use SHA-256 or SHA-512 — and for password storage specifically, use a dedicated password-hashing algorithm like bcrypt, scrypt, or Argon2, not a raw hash at all, since general-purpose hashes are deliberately fast and therefore easy to brute-force.
That said, MD5 is still perfectly fine for non-adversarial integrity checks — confirming a file wasn't corrupted during a transfer, deduplicating files, or checking a cache key. Nobody is trying to forge a collision against your local backup script. Many tools and mirrors still publish MD5 checksums purely out of habit or legacy tooling, and that usage is harmless. The rule of thumb: if a malicious actor benefits from forging a matching hash, don't use MD5 or SHA-1 — use SHA-256 or SHA-512 instead.
Can you decrypt a hash?
No — and this is the single most common misconception about hashing. Hashing is not encryption. Encryption is designed to be reversible: with the right key, ciphertext turns back into the original plaintext. A cryptographic hash is designed to be one-way — the algorithm deliberately throws information away as it compresses an input of any size down to a fixed-length output, so there is no mathematical operation that turns a hash back into the input that produced it. Any tool, site, or service that claims to “decrypt MD5” or “decrypt SHA-256” is not actually reversing the hash — it's doing one of two things instead:
- Lookup against a precomputed table. Sites with huge databases of common passwords and their hashes (sometimes called rainbow tables) can instantly “crack” a hash if the original input was something predictable, like
password123. This only works because the input was weak and already known — it doesn't work on random or unique data. - Brute force. Trying enormous numbers of candidate inputs, hashing each one, and checking for a match. This is feasible for short or predictable inputs (a 4-digit PIN, a dictionary word) and completely infeasible for a long random string or a multi-megabyte file, where the search space is astronomically large.
The hash identifier panel in this tool leans into this honestly: given an unknown hash, it can tell you which algorithm probably produced it — based on the output length (32 hex characters usually means MD5 or NTLM, 64 means SHA-256, and so on), the character set, and recognizable prefixes like $2b$ for bcrypt or $argon2 for Argon2. That narrows down how the hash was made. It cannot, and does not claim to, tell you what input produced it — that would require reversing a one-way function, which is exactly what makes hashing useful for passwords and integrity checks in the first place.
How to verify a download with a checksum
Software publishers often post a hash (usually SHA-256) next to a download link so you can confirm the file you got is exactly the file they published — unmodified by a bad mirror, a man-in-the-middle, or a corrupted transfer. Here's how to check it:
- Find the published hash. It's usually on the same download page, in a
.sha256/.md5sidecar file, or in the release notes on GitHub. - Switch to File mode above and drop in the file you downloaded.
- Paste the published hash into the Verify panel. The tool detects whether it's MD5, SHA-1, SHA-256, SHA-384, SHA-512, or CRC32 from its length automatically.
- Check the badge. A green MATCH ✓ means the file is byte-for-byte identical to what the publisher hashed. A red NO MATCH ✗ means the file is different — re-download it from the original source before opening or installing it.
This comparison is case-insensitive, since some tools output hashes in uppercase and others in lowercase — the actual bytes are what matter, not the letter case.
File checksums vs text hashes — why file support matters
Most free hash tools online only let you paste text into a box. That works for short strings, but it completely misses the most common real-world use case: verifying a file. This tool reads the file's raw bytes directly with the browser's File API and hashes the actual binary content — the same checksum you'd get from a command-line tool like certutil, shasum, or md5sum — not a hash of a filename or a text description of the file.
Because everything happens locally in your browser via FileReader and the native crypto.subtle API, there is no upload step, no file size limit imposed by a server, and no risk of a sensitive file — a private key, a legal document, a customer export — ever leaving your device. Large files simply take a little longer to hash locally; the tool shows a “Hashing…” state while it works through the bytes.
Common use cases for a hash generator
- Verifying software downloads. Confirm an installer or ISO matches the hash published by the vendor before you run it.
- Checking file integrity after a transfer. Hash a file before and after copying it over a network, USB drive, or cloud sync to confirm nothing got corrupted.
- Deduplicating files. Two files with the same hash are (for all practical purposes) identical, which is how many backup and sync tools detect duplicates without a byte-by-byte comparison.
- Generating cache keys or IDs. Developers hash file contents or request payloads to create stable, collision-resistant cache keys.
- Quick data-integrity spot checks. Confirm a config file, database export, or log archive hasn't silently changed between two points in time.
- Learning and teaching cryptography basics. Seeing how a single changed character completely scrambles the output hash is one of the fastest ways to understand the avalanche effect.
- Signing and verifying API requests or webhooks. Use HMAC mode with a shared secret to reproduce or sanity-check a signature from a payment provider, exchange, or webhook payload.
- Figuring out what kind of hash you're looking at. Found an unlabeled hash in a database dump, config file, or old script? The hash identifier narrows down the likely algorithm from its length and format.
Is this hash generator safe and private?
Yes. Every hash and HMAC value — for both text and files — is computed entirely in your browser using the Web Crypto API (crypto.subtle.digest and crypto.subtle.sign) for SHA-1, SHA-256, SHA-384, and SHA-512, and compact, standards-compliant implementations for MD5 and CRC32, since neither is part of the Web Crypto API. Nothing you type or drop onto this page — including any HMAC secret key — is ever sent to a server, logged, or stored. That makes it safe to hash sensitive files, private keys, or confidential documents, and it means the tool keeps working even offline once the page has loaded.
Frequently asked questions
- Which hash algorithm should I use?
- For anything security-sensitive — passwords, signatures, certificates — use SHA-256, SHA-384, or SHA-512. For simple integrity checks like confirming a download or a file backup, MD5, SHA-1, SHA-256, SHA-384, SHA-512, or even CRC32 all work equally well since there's no adversary trying to forge a match.
- Is MD5 still safe to use?
- MD5 is cryptographically broken for security purposes — attackers can craft two different files that produce the same MD5 hash. Don't use it for passwords, signatures, or anything where forging a match would matter. It's still fine for non-adversarial checks like confirming a file wasn't corrupted in transit.
- Why do MD5, SHA-1, SHA-256, SHA-384, SHA-512, and CRC32 give different-length results?
- Each algorithm produces a fixed output size regardless of input size: MD5 is 128 bits (32 hex characters), SHA-1 is 160 bits (40 characters), SHA-256 is 256 bits (64 characters), SHA-384 is 384 bits (96 characters), SHA-512 is 512 bits (128 characters), and CRC32 is 32 bits (8 characters). More bits generally means a larger space of possible hashes, which makes accidental or deliberate collisions less likely — except CRC32, which trades a short output for speed and was never meant to resist deliberate collisions.
- What is HMAC and when should I use it instead of a plain hash?
- HMAC mixes a secret key into the hash so the result also proves who produced it, not just that the data is intact — a plain hash can be reproduced by anyone. Use HMAC when you're signing API requests, verifying a webhook payload, or checking a JWT's HS256/HS384/HS512 signature. Turn on 'Use secret key (HMAC)', enter the shared key, and this tool computes HMAC-SHA-1/256/384/512; MD5 and CRC32 are hidden in that mode since they aren't supported as MAC algorithms.
- Can I decrypt a hash back into its original text?
- No — hashing is one-way by design, unlike encryption. There is no operation that turns a hash back into its input. Sites that claim to 'decrypt' a hash are either looking it up in a precomputed table of common values or brute-forcing candidate inputs, which only works if the original input was short or predictable. This tool's hash identifier can tell you which algorithm likely produced an unknown hash from its length and format, but it cannot recover the original input.
- Can this tool hash large files?
- Yes. The file is read and hashed entirely in your browser, so there's no server upload limit — the practical limit is your device's memory and how long you're willing to wait. A 'Hashing…' indicator shows while larger files are processed.
- Why did my hash come out different from a hash I found online?
- The most common cause is case sensitivity or extra whitespace/newlines in the published hash — this tool's verify panel compares case-insensitively to handle that. If a text hash doesn't match, also check for hidden differences like trailing spaces, different line endings (CRLF vs LF), or a different text encoding.
- Are my files, text, or HMAC keys uploaded anywhere?
- No. Hashing and HMAC signing happen locally using your browser's built-in crypto.subtle API plus local MD5 and CRC32 implementations. Nothing — including a secret key you enter for HMAC — is uploaded, logged, or stored on a server, so this works even offline once the page has loaded.