Are my files uploaded anywhere?

No. Hashing happens entirely in the browser via the Web Crypto API (SHA) and a built-in MD5 routine. Nothing is sent to a server.

Is MD5 still safe to use?

Only for non-security purposes like ETags, deduplication, or verifying downloads from legacy mirrors. MD5 collisions are trivial to construct, so it should never be used for passwords, signatures, or trust decisions.

Which hash should I pick for new work?

SHA-256 for almost everything. Use SHA-512 if you want a longer digest and are on a 64-bit CPU. Never use MD5 or SHA-1 for signatures.

Can I use these hashes to store passwords?

No. Plain MD5/SHA-* are the wrong tool for passwords — they are too fast and have no built-in salting. Use bcrypt, scrypt, or Argon2 instead.

Why do my hashes differ from sha256sum by one byte?

Almost always a trailing newline. sha256sum of a file usually includes the final newline; pasting the same content into text mode without the newline will produce a different hash.

$hash-generator

Generators

Compute cryptographic checksums for text or files. Supports MD5, SHA-1, SHA-256, SHA-384, and SHA-512. Everything runs in your browser — files are never uploaded.

Text to hash

Text is encoded as UTF-8 before hashing.

Type or paste text above to see hashes

How to use the hash generator

A hash function reduces any input — a password, a file, a JSON blob — to a fixed-length fingerprint. Two identical inputs always produce the same hash; a single byte change produces a completely different one. That makes hashes the standard tool for file integrity checks, deduplication, cache keys, and commit identifiers.

Choose text or file mode. Text is UTF-8 encoded before hashing, so what you paste is exactly what gets hashed — no trailing newlines unless you add them. File mode reads the raw bytes.
Paste or pick your input. All five hashes are computed at once so you can compare against the published checksum in any format the vendor happens to use.
Copy the value you need. Each row has a copy button. Paste into a sha256sum -c file, a CI cache key, or your verification checklist.

Which hash should I use?

SHA-256for almost everything. It’s the default in TLS, Git, package registries, and nearly every modern spec.
SHA-512when you want a longer digest and your CPU is 64-bit — it’s often faster than SHA-256 on modern hardware.
MD5 only for non-security uses like ETags, deduplication, or verifying downloads from legacy mirrors. MD5 collisions are trivial to construct — never use it for passwords or signatures.
SHA-1 is deprecated for signatures (Git is phasing it out, browsers rejected it years ago). Fine for internal checksums; not fine for trust decisions.

A note on password hashing: plain MD5/SHA-* are the wrong tool. Use bcrypt, scrypt, or Argon2 — they are intentionally slow and include salting. The hashes here are for integrity and identity, not credentials.