Generate SHA-1, SHA-256, and SHA-512 cryptographic hashes from any text string. Uses the browser Web Crypto API — your input never leaves your device.
Drop a file here to compute its hash, or click to select
Hash Generator is a free online tool that computes cryptographic hash values for any text input using industry-standard algorithms including MD5, SHA-1, SHA-256, and SHA-512. It also supports file hashing and HMAC (Hash-based Message Authentication Code) generation. A hash function takes an arbitrary-length input and produces a fixed-length, deterministic output known as a digest or checksum. All hashing is performed entirely in your browser — your data is never transmitted to any external server.
Use the Hash Generator when you need to create checksums for verifying data integrity, generate hash values for password storage comparison, or produce deterministic identifiers from text content. The file hashing feature lets you verify downloaded files against known checksums. HMAC is used for API authentication and message verification where both the sender and receiver share a secret key.
Developers use Hash Generator to compute checksums for verifying file integrity, generate content-based cache keys, create deterministic identifiers for deduplication systems, and verify that data has not been tampered with during transit. HMAC is widely used in webhook signature verification (GitHub, Stripe), API authentication (AWS Signature), and secure session management.
Essential terms and definitions related to Hash Generator.
A one-way mathematical function that takes any input and produces a fixed-size output (digest) that is practically impossible to reverse. Key properties: deterministic (same input always produces the same hash), avalanche effect (a tiny input change completely changes the output), and collision-resistant (extremely hard to find two different inputs that produce the same hash).
A set of cryptographic hash functions designed by the NSA, including SHA-256 (256-bit output) and SHA-512 (512-bit output). SHA-2 is the current industry standard for data integrity verification, digital signatures, and blockchain. It replaced SHA-1, which is now considered weak due to demonstrated collision attacks.
A random value added to the input before hashing, primarily used in password storage. Salting ensures that identical passwords produce different hashes, defeating precomputed rainbow table attacks. Each user should have a unique salt stored alongside their hashed password.
A hash value used to verify data integrity — confirming that a file or message has not been altered during transmission or storage. By comparing the checksum of the received data with the original, you can detect accidental corruption. Common checksum algorithms include SHA-256, MD5, and CRC32.
No. This tool uses the Web Crypto API, which supports SHA-1, SHA-256, SHA-384, and SHA-512. MD5 is not included in the Web Crypto API because it is considered cryptographically broken and should not be used for security purposes.
You can paste your original text, generate the hash, and then manually compare the output to your expected hash value. The comparison is straightforward since hashes are displayed as hexadecimal strings.
SHA-1 is considered weak for cryptographic purposes and should not be used for digital signatures or certificates. However, it is still acceptable for non-security uses like checksums and deduplication. For security-sensitive applications, use SHA-256 or SHA-512.
This tool hashes text input only. To hash a file, you would need to read the file contents as bytes first. For text files, you can paste the content directly into this tool.
Common errors developers encounter and how to resolve them.
Hash value differs every time: Salt and encoding differences Cryptographic hash functions are deterministic — the same input always produces the same hash. If you are getting different results, there are invisible differences in the input text: a trailing space or newline (\n) character, different character encoding (UTF-8 vs UTF-16), or a BOM (Byte Order Mark). Additionally, some systems automatically add a Salt (random prefix); in that case hash = H(salt + password), so a different output each time is the expected behavior. For pure hash verification, paste your text into this tool to generate an unsalted hash.
Hash comparison fails: Case and encoding inconsistency SHA hashes are displayed as hexadecimal strings. Some systems use uppercase (A-F) while others use lowercase (a-f) — when comparing two hashes, convert both to the same case using toLowerCase(). Also, some tools output hashes in Base64 format, while this tool uses hexadecimal (hex) format. Before comparing, make sure both sides use the same output encoding (hex vs Base64).
Web Crypto API not supported: SecurityError or undefined The Web Crypto API (crypto.subtle) only works in secure contexts (HTTPS or localhost). On pages accessed via HTTP, crypto.subtle returns undefined and hash generation fails. Additionally, some older browsers (like IE 11) do not support the Web Crypto API at all. Since our site is served over HTTPS, you will not encounter this issue here. However, if you are computing hashes in your own projects, verify that your page is running in a secure context.