Secure Hash Generator
Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text or file — entirely in your browser.
Quick answer: Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text or file — entirely in your browser.
Last updated
Frequently asked questions
- What hash algorithms are supported?
- MD5, SHA-1, SHA-256 and SHA-512. Use SHA-256 for new work; MD5 and SHA-1 are kept for verifying legacy checksums published by old software releases.
- Is MD5 safe to use?
- Not for security (collisions are trivial), but it's still fine for verifying that a file downloaded without corruption against a vendor-published MD5. We support it because the real world still uses it.
- How big a file can I hash?
- Several hundred megabytes is comfortable on a typical laptop; very large files (multi-GB) may briefly stall the tab while the browser allocates the buffer. For huge files, prefer a native CLI (sha256sum, certutil, shasum).
- Is the file uploaded to your server?
- No. The file is read into memory locally and digested with crypto.subtle.digest. We never receive the bytes.
- Why are SHA-1 and SHA-256 hashes different lengths?
- Because the algorithms produce digests of different sizes by design: SHA-1 is 160 bits (40 hex chars), SHA-256 is 256 bits (64), SHA-512 is 512 bits (128). MD5 is 128 bits (32).
- Are the hashes lowercase or uppercase?
- Lowercase hex, which matches the format used by sha256sum, openssl, Git and most other Unix tools.
- Can I compare two hashes here?
- Yes — see the Hash Compare tool. It does a constant-time string compare so you don't leak any information through timing.
- Does encoding (UTF-8 vs UTF-16) matter for text?
- Yes. We encode text as UTF-8 before hashing, which matches every Unix tool and most languages. If you hash 'hello' in PowerShell with the default UTF-16 it will give a different result.
- Is the SHA-3 / BLAKE family supported?
- No — the Web Crypto API doesn't expose them yet. Use a native CLI for SHA-3 or BLAKE2/3.
- Can I verify a download with this tool?
- Yes. Drop the downloaded file, copy the SHA-256, and compare it against the value the vendor published. If they match exactly, the file is intact and untampered.