Hash Generator

Compute SHA-1, SHA-256, SHA-384, SHA-512 hashes.

SHA-1 is cryptographically broken. Do not use it for security-sensitive purposes — use SHA-256 or stronger.

Frequently Asked Questions & Guide

How to use this Hash Generator
  1. Type or paste your text into the input box on the left. By default, all four hashes compute live as you type.
  2. Uncheck "Live hash as you type" if you are pasting a large input and want to avoid recomputing on every keystroke.
  3. The SHA-1, SHA-256, SHA-384, and SHA-512 hashes appear in the right-hand panel, each with its own copy button.
  4. Click "Copy" next to any hash to copy it to your clipboard.

This generator uses the browser's native Web Crypto API (crypto.subtle.digest). The Web Crypto API is implemented in C++ inside the browser and uses the operating system's optimized crypto primitives — typically OpenSSL on Linux, BoringSSL on Chrome, and CommonCrypto on Safari. This makes it both faster and more secure than JavaScript-based hash implementations.

What is a cryptographic hash?

A cryptographic hash function is a mathematical algorithm that takes an input of arbitrary size and produces a fixed-size output (the "hash" or "digest"). A proper cryptographic hash function has three key properties:

  • One-way (pre-image resistance): given a hash, it should be computationally infeasible to find an input that produces that hash. You cannot "decrypt" a hash.
  • Avalanche effect: a one-bit change in the input should change roughly half the bits in the output.
  • Collision resistance: it should be infeasible to find two different inputs that produce the same hash.

Hashes are used for verifying file integrity (checksums), storing passwords (with a slow hash like bcrypt or Argon2 — never SHA alone), digital signatures, content-addressable storage (Git, IPFS), blockchain, and many other applications. The SHA-2 family (SHA-256, SHA-384, SHA-512) is currently the most widely used hash family in the world.

Which hash should I use?

For new applications, use SHA-256. It is the default for TLS certificates, JWT signatures (RS256, ES256), Bitcoin, Git, and most modern systems. SHA-384 and SHA-512 are slightly more secure but produce longer hashes (96 and 128 hex chars respectively vs 64 for SHA-256) — usually overkill. SHA-1 is broken for collision resistance and should not be used for any security-sensitive purpose; it is included here only for verifying legacy data.

Can I use this to hash passwords?

No. SHA-256 is a fast hash, which makes it terrible for password storage. An attacker with a modern GPU can try billions of SHA-256 guesses per second. For password storage, use a slow, salted hash function specifically designed for the purpose: Argon2id (the winner of the Password Hashing Competition), bcrypt, or scrypt. These are deliberately slow and memory-hard to make brute-force attacks infeasible.

What encoding is the output in?

Lowercase hexadecimal. Each byte of the hash digest becomes two hex characters. SHA-256 always produces 32 bytes (64 hex chars), regardless of input size.
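
The following added example (not this tool's own source code) calls crypto.subtle.digest for the four algorithms, hex-encodes each digest as described above, and measures the avalanche effect from the "What is a cryptographic hash?" section on two constructed inputs that differ by a single bit. The function names and the node:crypto fallback import are assumptions of the example.

```javascript
// Added example; ALGORITHMS, hashAll, bitDistance and avalancheDemo are illustrative names.
const ALGORITHMS = ["SHA-1", "SHA-256", "SHA-384", "SHA-512"];

// Resolve SubtleCrypto: global in browsers and recent Node, module fallback for older Node.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const { webcrypto } = await import("node:crypto");
  return webcrypto.subtle;
}

// Lowercase hex: each digest byte becomes exactly two hex characters.
function toHex(buffer) {
  return Array.from(new Uint8Array(buffer), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Hash the UTF-8 bytes of `text` with every algorithm; returns { "SHA-256": "<hex>", ... }.
async function hashAll(text) {
  const subtle = await getSubtle();
  const bytes = new TextEncoder().encode(text);
  const digests = await Promise.all(ALGORITHMS.map((alg) => subtle.digest(alg, bytes)));
  return Object.fromEntries(ALGORITHMS.map((alg, i) => [alg, toHex(digests[i])]));
}

// Hamming distance in bits between two equal-length hex digests.
function bitDistance(hexA, hexB) {
  if (hexA.length !== hexB.length) throw new Error("digest lengths differ");
  let bits = 0;
  for (let i = 0; i < hexA.length; i += 2) {
    let x = parseInt(hexA.slice(i, i + 2), 16) ^ parseInt(hexB.slice(i, i + 2), 16);
    for (; x; x &= x - 1) bits++; // clear the lowest set bit on each pass
  }
  return bits;
}

// Constructed inputs: "abc" and "abb" differ in exactly one bit (0x63 vs 0x62).
async function avalancheDemo() {
  const [a, b] = await Promise.all([hashAll("abc"), hashAll("abb")]);
  return ALGORITHMS.map((alg) => ({
    alg,
    hexChars: a[alg].length,
    bitsChanged: bitDistance(a[alg], b[alg]),
    totalBits: a[alg].length * 4,
  }));
}

avalancheDemo().then((rows) => console.table(rows));
```

For each algorithm, bitsChanged should land near half of totalBits even though the inputs differ by one bit.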

Is my input sent to a server?

No. The Web Crypto API runs entirely in your browser. Your input never leaves your device.