Skip to content
devsmiths

Hash Generator

Compute MD5, SHA-1, SHA-256, SHA-384, SHA-512 — all at once, in your browser.

Input

What this tool does

A hash function turns any input into a fixed-length fingerprint. This tool computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 of whatever you type or paste — all five at once so you can grab the one you need without switching tools. SHA-* run via the platform Web Crypto API; MD5 is implemented inline because Web Crypto omits it. Everything happens in your browser.

How to use it

Type or paste your input. The five digests update live. Click the copy icon next to a row to copy that one hex string.

Examplehello world:

MD5     5eb63bbbe01eeed093cb22bb8f5acdc3
SHA-1   2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
SHA-256 b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Limits and edge cases

  • MD5 and SHA-1 are not cryptographically secure. Both have practical collision attacks — never use them for password storage, message authentication, or digital signatures. They’re still useful for non-security fingerprints (Git object hashes, ETags, cache busting, S3 multipart checksums), which is why we keep them.
  • For new security work, use SHA-256 or stronger. For password storage specifically, use a memory-hard KDF (Argon2id, scrypt, bcrypt) — not a bare hash.
  • This tool hashes text input as UTF-8. For binary files, drop them into the input panel — they’re read as text and hashed as-is, which matches what most file-hashing CLIs do.
  • Output is the hex encoding of the digest. Toggle the uppercase checkbox if your downstream tool expects A–F.

Frequently asked questions

Is my input sent to a server?
No. SHA-* run via the browser's Web Crypto API; MD5 runs in inlined JavaScript. Nothing is uploaded.
Which hash should I use?
For security (passwords, MACs, signatures): never MD5 or SHA-1. SHA-256 is the modern default; SHA-384 / SHA-512 are appropriate when you need longer digests. For non-security fingerprints (file dedup, cache keys, Git-style identity): any of them work, MD5 is fastest.
Why does Web Crypto not support MD5?
MD5 has known collision attacks since 2004. The Web Crypto designers intentionally omitted it to discourage security use. We inline an MD5 implementation because non-security MD5 use cases (legacy file checksums, Git, S3) are still common and deserve a working tool.
What about HMAC?
Not yet — this tool computes plain digests. HMAC needs a separate key input and would warrant its own surface.
Why are MD5 and SHA-1 marked with a warning?
To remind you they're insecure for security use. The hash still computes correctly — the warning just prevents accidental misuse.