MD5 is broken for any security purpose because collisions are cheap to produce — researchers have constructed two different inputs that hash to the same MD5 digest in seconds on a laptop. That means MD5 cannot be trusted to verify integrity against an active attacker (a malicious file can be crafted to match a known hash) and must never be used for password storage, signatures, or certificates. MD5 is still acceptable as a non-cryptographic checksum for accidental corruption (CDN cache keys, ETag-style fingerprints) when an attacker is not in the threat model.

What's the difference between hashing and encryption?

A hash is one-way: it produces a fixed-size digest from any input, and you cannot recover the input from the digest. Encryption is two-way: a key turns plaintext into ciphertext, and the same (or paired) key turns it back. Use hashing for integrity checks, deduplication, and password storage (with a slow KDF — see below). Use encryption for confidentiality. They solve different problems and are not interchangeable.

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a tag that proves both the integrity and the authenticity of a message. A plain hash tells you the data has not changed; an HMAC tells you the data has not changed AND was produced by someone who knows the key. Used for API request signing (AWS Signature v4, webhook signatures) and session cookie integrity. Always prefer HMAC-SHA-256 over a bare SHA-256 of `key + message`, which is vulnerable to length-extension attacks on Merkle-Damgård hashes.

Yes — drop a file onto the tool and it will be read with `FileReader` and streamed through the Web Crypto API. Hashes are computed entirely in the browser; the file never leaves your machine. Useful for verifying downloads against a published SHA-256, generating Subresource Integrity hashes for ` ` tags, or fingerprinting build artifacts. For SRI specifically, see our SRI Hash tool which formats the output as `sha384-…` ready to paste.

Can you reverse a SHA-256 hash or MD5 hash?

No, cryptographic hashes like SHA-256 and MD5 are strictly one-way mathematical functions. Unlike encryption, which allows you to decrypt data back to its original form using a key, a hash intentionally destroys the original data. The only way to "reverse" a hash is through brute-force guessing or using pre-computed rainbow tables.

How do I verify a downloaded file checksum?

Software vendors often publish a SHA-256 or MD5 checksum alongside a download link. To verify your file is authentic and uncorrupted, drag and drop the downloaded file into our tool, select the matching algorithm, and paste the vendor's checksum into the "Compare" input block to see if they match.

Free Online SHA-256, MD5 & HMAC Hash Generator

Compute MD5, SHA-1/256/384/512 hashes and HMAC signatures — all client-side using WebCrypto.

Compare with expected hash (optional)

Hashing vs. Encryption

A common misconception in web development is treating hashing and encryption interchangeably. While both are foundational pillars of cryptography, their mechanics and purposes are entirely opposite.

Trait	Hashing (e.g., SHA-256, MD5)	Encryption (e.g., AES, RSA)
Reversibility	One-Way (Irreversible)	Two-Way (Decryptable)
Output Length	Fixed (e.g., always 64 chars for SHA-256)	Variable (scales with input size)
Primary Use Cases	Password verification, file integrity checks, caching keys.	Securing sensitive data in transit or at rest.

Which Algorithm Should I Use?

MD5 & SHA-1

Status: Cryptographically Broken

These algorithms suffer from high collision vulnerabilities. You should never use them for securing passwords or financial ledgers. However, they remain highly popular for rapid, non-secure operations like generating uniquely identifying file checksums or database hashing keys.

SHA-256 & SHA-512

Status: Modern Standard

Part of the SHA-2 family, these are current federal and industry standards. SHA-256 is the optimal choice for almost all modern cryptographic needs, balancing high security against mathematical iteration speed. SHA-512 is frequently deployed on 64-bit hardware systems.

Frequently Asked Questions

What is HMAC and when should I use it?

HMAC (Hash-based Message Authentication Code) binds a payload to a secret cryptographic key using a hashing algorithm. It is used extensively in web development for webhook signatures (like Stripe or GitHub payloads) to mathematically prove the message genuinely originated from a server holding the secret key and wasn't intercepted or modified.

Why do my hashes differ based on encoding?

Hashing algorithms do not operate on text characters directly — they operate on raw byte arrays. The exact same string Hello will yield completely different binary bytes depending on whether you encode it as UTF-8, ANSI, or interpret it as pure Hexadecimal inputs. Always ensure your encoding matches your backend system.

Are my files uploaded when generating checksums?

No! Our hash generator uses the native JavaScript crypto.subtle WebCrypto APIs built directly into your browser. When you drag and drop a file, it is read purely into local machine memory. We have zero server-side components accessing your data.

About Hash Generator

Compute cryptographic hashes (MD5, SHA-1, SHA-256, SHA-384, SHA-512) of text or files entirely in your browser. Hashing is one-way: the same input always produces the same fixed-size digest, but you can't recover the input from the digest. The tool uses the Web Crypto API where the algorithm is available and a vetted JS implementation for legacy hashes like MD5.

What this tool does

Hash text — paste a string, get every common digest at once (MD5, SHA-1, SHA-256, SHA-384, SHA-512).
Hash files — drop a file in; the bytes are read locally and streamed through the digest, no upload.
Hex and Base64 — copy each digest in either encoding.
Side-by-side comparison — paste a known hash and the tool flags whether the computed digest matches.

What is a cryptographic hash, MD5 vs SHA?

A cryptographic hash function turns arbitrary-length input into a fixed-length digest such that any change to the input produces an unpredictable change in the output, and finding two inputs with the same digest is computationally infeasible. MD5 (128-bit) and SHA-1 (160-bit) are both broken — collisions can be constructed, so neither is safe for signatures, certificates, or anything where an attacker controls input. SHA-256 and SHA-512 (the SHA-2 family) are the current default for general-purpose integrity. SHA-3 uses a completely different construction (Keccak sponge) and is preferred when you want defence-in-depth against any future SHA-2 weakness. For password storage, none of these are appropriate alone — they're too fast. Use bcrypt, scrypt, or Argon2 (deliberately slow KDFs) so brute force is expensive.

Pipeline

Output from this tool can be sent directly to:

SRI Hash Generator — produce sha384-… integrity attributes for <script> and <link> tags.
Password Generator — generate a high-entropy secret to feed into a KDF before hashing.
JWT Decoder — verify the HMAC-SHA-256 signature on a token by hashing its header and payload.

Privacy

Everything runs in your browser. Files are read with the local FileReader API and never uploaded. Read our privacy policy.

Frequently asked

Why is MD5 broken?: MD5 is broken for any security purpose because collisions are cheap to produce — researchers have constructed two different inputs that hash to the same MD5 digest in seconds on a laptop. That means MD5 cannot be trusted to verify integrity against an active attacker (a malicious file can be crafted to match a known hash) and must never be used for password storage, signatures, or certificates. MD5 is still acceptable as a non-cryptographic checksum for accidental corruption (CDN cache keys, ETag-style fingerprints) when an attacker is not in the threat model.
What's the difference between hashing and encryption?: A hash is one-way: it produces a fixed-size digest from any input, and you cannot recover the input from the digest. Encryption is two-way: a key turns plaintext into ciphertext, and the same (or paired) key turns it back. Use hashing for integrity checks, deduplication, and password storage (with a slow KDF — see below). Use encryption for confidentiality. They solve different problems and are not interchangeable.
What's HMAC?: HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a tag that proves both the integrity and the authenticity of a message. A plain hash tells you the data has not changed; an HMAC tells you the data has not changed AND was produced by someone who knows the key. Used for API request signing (AWS Signature v4, webhook signatures) and session cookie integrity. Always prefer HMAC-SHA-256 over a bare SHA-256 of `key + message`, which is vulnerable to length-extension attacks on Merkle-Damgård hashes.
Can I hash files?: Yes — drop a file onto the tool and it will be read with `FileReader` and streamed through the Web Crypto API. Hashes are computed entirely in the browser; the file never leaves your machine. Useful for verifying downloads against a published SHA-256, generating Subresource Integrity hashes for `<script>` tags, or fingerprinting build artifacts. For SRI specifically, see our SRI Hash tool which formats the output as `sha384-…` ready to paste.