HTTPTools

Hash Generator

Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes from any text. Hashing runs entirely in your browser — the input is never sent anywhere.

Useful for verifying file or message checksums, comparing payload fingerprints and building deterministic IDs from text.

Hashes

MD5
MD5 hash will appear here.
SHA-1
SHA-1 hash will appear here.
SHA-256
SHA-256 hash will appear here.
SHA-384
SHA-384 hash will appear here.
SHA-512
SHA-512 hash will appear here.
Type input above and the hashes will compute live.

When to use which

  • SHA-256 — the default choice for most checksums, content fingerprints and digital signatures today.
  • SHA-384 / SHA-512 — same family, larger output. Common in JWT (HS384/HS512) and some PKI contexts.
  • SHA-1 — legacy. Still used for git object IDs and a few protocols, but not safe for collision-resistant signatures anymore.
  • MD5 — checksum-only. Convenient for non-security uses like detecting accidental file corruption. Broken for any cryptographic purpose.

Not for password hashing

None of MD5, SHA-1 or the SHA-2 family are safe for storing passwords. Use a slow, memory-hard algorithm with a per-user salt: bcrypt, scrypt or argon2id. Anything else lets attackers brute-force a leaked database in minutes.

Examples

Empty string:

MD5      d41d8cd98f00b204e9800998ecf8427e
SHA-1    da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

UTF-8 string hello world:

MD5      5eb63bbbe01eeed093cb22bb8f5acdc3
SHA-1    2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
SHA-256  b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

FAQ

Can I use this to hash a password?

No. MD5, SHA-1 and SHA-2 are too fast — a modern GPU brute-forces them at billions of tries per second. Use a password-hashing algorithm with a tunable cost: argon2id, bcrypt or scrypt, always with a unique salt per user.

Is MD5 still safe for anything?

For non-security uses like detecting accidental data corruption, yes. For anything that needs collision resistance — digital signatures, content addressing, deduplication where adversaries can influence input — no.

Why does my hash differ from another tool's hash?

Usually because of encoding. The same text in UTF-8 and UTF-16 produces different bytes and therefore different hashes. Trailing newlines also matter — copying from a file often appends one.

What does Hex bytes input do?

It treats the input as a raw byte sequence written in hexadecimal (e.g. deadbeef = 4 bytes 0xde 0xad 0xbe 0xef), not as a string to be UTF-8 encoded. Useful when you want to hash specific binary content rather than text.

Is my input sent anywhere?

No. SHA-1/256/384/512 use the browser's crypto.subtle.digest API and MD5 runs on a small embedded implementation. All work happens locally.

Related tools

Base64 Encode / Decode

Convert between text and Base64 alongside computing checksums.

UUID Generator

Generate random identifiers when a hash is not what you need.

JWT Decoder

Inspect JWT payloads — many JWTs are signed with HS256/HS384/HS512.

URL Encode / Decode

Prepare hashes for URLs and query parameters safely.