🔒 Encoder Tools

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 and SHA-3 hashes from text or files — all algorithms simultaneously. HMAC mode, file drag-and-drop, hash comparison, uppercase toggle. 100% client-side via Web Crypto API — your data never leaves your browser.

All 6 algorithms at once HMAC with secret key File drag-and-drop hashing Hash comparison & verify

AdSense — 728×90 Leaderboard

Options: Uppercase Live update Include newline

📤

Drop any file here or click to select

Hash is computed locally — file never leaves your browser

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. Use it to verify both the integrity and authenticity of a message — anyone without the key cannot reproduce the HMAC.

Secret key: Uppercase

Verify a file or text hash against a published checksum. Paste the text or drop a file, enter the expected hash, and the tool shows whether they match.

Text to hash

Expected hash (paste the checksum to verify against)

🔍 Paste text and expected hash to compare

AdSense — 728×90 Leaderboard

🔢

Need to encode text or files to Base64?

The free Base64 Encoder handles text strings, files and binary data — encode and decode with URL-safe variant support. A natural companion to hash verification workflows.

🔢 Base64 Encoder →

⭐ User Ratings

Rate this tool

4.9

Based on 14,829 ratings

13,494

890

297

Was this hash generator helpful?

Thank you for your rating!

Features

All algorithms simultaneously, HMAC, file hashing and hash comparison — features most hash generators skip

Most online hash generators show one algorithm at a time. This tool generates MD5, SHA-1, SHA-256, SHA-384, SHA-512 and SHA-3 simultaneously from a single input, flags deprecated algorithms with security warnings, and adds HMAC, file hashing and hash comparison in the same tool.

⚡

All 6 algorithms simultaneously

MD5, SHA-1, SHA-256, SHA-384, SHA-512 and SHA-3-256 all generated from a single input at once. No switching between algorithm dropdowns. Every algorithm updates live as you type. Copy each hash individually with one click.

🔑

HMAC generation

Generate HMAC-SHA-256, HMAC-SHA-512 and more with a secret key. HMAC combines a hash with a shared secret to verify both the integrity and authenticity of a message. Used for webhook signature verification, API authentication and data signing. Rare on free tools.

📂

File drag-and-drop hashing

Drop any file onto the file zone to compute its hash. Useful for verifying downloaded software against published checksums, detecting file corruption, and comparing files. All processing uses the FileReader API locally — the file never leaves your browser.

✓

Hash comparison and verify

Paste text and an expected hash. The tool auto-detects which algorithm produced the expected hash (by its length), computes the matching hash from your input, and shows a green match or red mismatch. Covers MD5, SHA-1, SHA-256, SHA-384 and SHA-512.

⚠️

Security warnings on MD5 and SHA-1

MD5 and SHA-1 are flagged with amber “Insecure” badges. MD5 has been cryptographically broken since 2004 — collisions can be deliberately crafted. SHA-1 has been deprecated since 2017. The warnings remind you to use SHA-256 or higher for any security-sensitive use case.

🔒

100% client-side via Web Crypto API

SHA-1, SHA-256, SHA-384 and SHA-512 use the browser’s native Web Crypto API — hardware-accelerated, FIPS-compliant, and zero data transmission. MD5 and SHA-3 use pure JavaScript implementations. Your text and files never touch a server under any circumstances.

How to use

How to generate a hash online

Type or paste your text

In the Text tab, type or paste the text you want to hash. With Live update enabled, all six hash algorithms update as you type — no button needed. Disable Live update for large inputs where you want to control when hashing runs. The character and byte count updates in the footer.

Choose uppercase or lowercase output

Hash values are hexadecimal strings. By convention they are displayed in lowercase, but some systems expect uppercase. Toggle the Uppercase checkbox to switch all hash outputs to uppercase simultaneously. This does not affect the hash value itself — only its display format.

Copy any hash

Click the Copy button next to any algorithm card to copy that hash to your clipboard. The hash is copied in the current uppercase/lowercase format. For most use cases, SHA-256 is the recommended algorithm. MD5 and SHA-1 are shown but marked as insecure.

Hash a file

Switch to the File tab. Drag and drop any file onto the drop zone, or click to select it. The tool reads the file in chunks using the FileReader API and computes all hash algorithms. Use this to verify a downloaded file against the SHA-256 or MD5 checksum published by the download source.

Verify a hash (Compare tab)

Switch to Compare. Paste your text in the first field and the expected hash in the second. The tool detects the algorithm from the hash length, computes the matching hash, and shows a green match or red mismatch. Use this to verify download checksums, API responses, or any published hash value.

Quick reference

Hash algorithm comparison

Algorithm	Output size	Security status	Common use cases
MD5	128-bit (32 hex)	⚠ Broken (2004)	Non-security checksums, cache keys, legacy systems
SHA-1	160-bit (40 hex)	⚠ Deprecated (2017)	Legacy systems, Git commit IDs (internal only)
SHA-256	256-bit (64 hex)	✓ Secure	TLS certificates, Bitcoin, code signing, general use
SHA-384	384-bit (96 hex)	✓ Secure	High-security certificates, government compliance
SHA-512	512-bit (128 hex)	✓ Secure	Maximum security, archive verification, forensics
SHA-3-256	256-bit (64 hex)	✓ Secure	Alternative to SHA-2, different construction (Keccak)

Complete guide

Hash Generator — A Complete Guide to MD5, SHA-256, SHA-512 and HMAC

A cryptographic hash function takes an input of any size — a single character, a paragraph, or a 10GB file — and produces a fixed-size output called a hash, digest or checksum. The hash is deterministic: the same input always produces the same output. But the relationship is one-way: you cannot reconstruct the input from the hash. And it is collision-resistant: it is computationally infeasible to find two different inputs that produce the same hash. These three properties make hashes essential for file integrity verification, digital signatures, password storage and data deduplication.

MD5 SHA-256 hash generator online free

MD5 (Message Digest 5) was designed by Ron Rivest in 1991 and produces a 128-bit hash displayed as 32 hexadecimal characters. It was once the standard for file checksums and password storage. However, in 2004 researchers demonstrated that MD5 collisions — two different inputs producing the same hash — could be computed on ordinary hardware in minutes. MD5 should never be used for security-sensitive purposes. SHA-256 is part of the SHA-2 family, designed by the NSA and standardised by NIST. It produces a 256-bit hash (64 hex characters) and is currently considered secure. SHA-256 is used in TLS certificates, Bitcoin proof of work, code signing and most modern security applications.

File hash generator for verification

When you download software, the publisher typically publishes a SHA-256 or MD5 checksum alongside the download. After downloading the file, you compute its hash and compare it to the published value. If they match, the file is intact — it was not corrupted during download and was not tampered with in transit. This is critical for security software, operating system installers, and any file where integrity matters. File hashing works by reading the file in chunks (to avoid loading large files entirely into memory) and feeding each chunk through the hash algorithm sequentially.

HMAC generator online free

HMAC (Hash-based Message Authentication Code) is a construction that combines a hash function with a secret key. HMAC-SHA-256 is computed as: HMAC = Hash(key XOR opad ‖ Hash(key XOR ipad ‖ message)). The critical property is that only someone who knows the secret key can produce or verify the HMAC. This makes it suitable for webhook signature verification (GitHub, Stripe and most webhook APIs use HMAC-SHA-256 to sign payloads), API authentication tokens, and verifying that a message has not been tampered with in transit. Unlike a bare hash, an HMAC cannot be forged without the key even if the attacker knows the algorithm.

SHA-512 generator online

SHA-512 is part of the SHA-2 family and produces a 512-bit hash (128 hex characters). It is more secure than SHA-256 by virtue of its longer output, but importantly: on 64-bit systems, SHA-512 is often faster than SHA-256 because its internal operations are designed around 64-bit words. For most applications, SHA-256 is sufficient. Choose SHA-512 when you need maximum security, when working with high-value archives, forensic data, or government and compliance contexts that mandate 512-bit hashes.

Checksum verifier free tool

A checksum is any value computed from data that allows you to verify the data’s integrity. In common usage it refers to a cryptographic hash — specifically SHA-256 or MD5 — published alongside a file download. Verifying a checksum involves: (1) downloading the file, (2) computing the hash of the downloaded file, (3) comparing your computed hash to the published checksum. If they match exactly, the file is authentic. The Compare tab of this tool automates step 3: paste your text and the expected hash and it shows match or mismatch instantly, auto-detecting the algorithm from the hash length.

Frequently asked questions

What is a hash generator?

A hash generator converts any input — text or a file — into a fixed-length string of hexadecimal characters using a cryptographic hash function. The same input always produces the same output, but the output cannot be reversed to recover the input. Hash generators are used for file integrity verification, checksums, digital signatures and testing hash functions.

Which hash algorithm should I use?

Use SHA-256 for general-purpose security applications — it is the current industry standard. Use SHA-512 when maximum security or compliance requirements demand it. Use MD5 only for non-security checksums like cache keys or legacy system compatibility where security is irrelevant. Never use MD5 or SHA-1 for passwords, signatures or any security-sensitive purpose — both are cryptographically broken.

Is MD5 safe to use?

MD5 is not safe for security-sensitive applications. Collisions — two different inputs that produce the same MD5 hash — can be computed deliberately on ordinary hardware in minutes. MD5 is acceptable for non-security uses like detecting accidental file corruption, generating cache keys, and legacy system compatibility. For any security use — passwords, signatures, certificates — use SHA-256 or higher.

What is HMAC and when should I use it?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a value that verifies both the integrity and authenticity of a message. Use HMAC when you need to confirm that a message came from someone who knows the shared secret key — common uses include webhook signature verification (GitHub, Stripe), API authentication, and cookie signing.

How do I verify a file checksum?

To verify a file: (1) open the File tab and drop your downloaded file onto the drop zone — all hash algorithms are computed locally. (2) Copy the SHA-256 hash (or whichever algorithm the publisher used). (3) Compare it to the checksum published on the download page — or use the Compare tab: paste the text and expected hash for an instant match/mismatch result.

Can I hash a password with this tool?

You can compute a SHA-256 hash of a password for testing purposes, but you should never store passwords as plain SHA-256 (or any fast hash) in a production system. Fast hash functions like SHA-256 can be brute-forced at billions of attempts per second. Use bcrypt, Argon2 or scrypt for password storage — these are deliberately slow and include a salt to prevent rainbow table attacks.

What is the difference between SHA-256 and SHA-512?

SHA-256 produces a 256-bit (64 character) hash using 32-bit internal operations. SHA-512 produces a 512-bit (128 character) hash using 64-bit internal operations. Both are part of the SHA-2 family and are currently considered secure. SHA-512 is often faster than SHA-256 on 64-bit systems. Use SHA-256 for general applications; use SHA-512 when you need maximum security or compliance mandates it.

Is my data safe when using this tool?

Yes. All hashing is performed entirely in your browser. SHA-1, SHA-256, SHA-384 and SHA-512 use the browser’s native Web Crypto API — the same cryptographic library used by HTTPS. MD5 and SHA-3 use pure JavaScript implementations. Neither your text nor your files are ever sent to any server, stored, or logged. The tool works offline after the first page load.

Related tools