Hash Generator
Compute SHA-1, SHA-256, SHA-384, SHA-512 hashes.
SHA-1 is cryptographically broken. Do not use it for security-sensitive purposes — use SHA-256 or stronger.
Frequently Asked Questions & Guide
How to use this Hash Generator
- Type or paste your text into the input box on the left. By default, all four hashes compute live as you type.
- Uncheck "Live hash as you type" if you are pasting a large input and want to avoid recomputing on every keystroke.
- The SHA-1, SHA-256, SHA-384, and SHA-512 hashes appear in the right-hand panel, each with its own copy button.
- Click "Copy" next to any hash to copy it to your clipboard.
This generator uses the browser's native Web Crypto API (crypto.subtle.digest). The Web Crypto API is implemented in C++ inside the browser and uses the operating system's optimized crypto primitives — typically OpenSSL on Linux, BoringSSL on Chrome, and CommonCrypto on Safari. This makes it both faster and more secure than JavaScript-based hash implementations.
What is a cryptographic hash?
A cryptographic hash function is a mathematical algorithm that takes an input of arbitrary size and produces a fixed-size output (the "hash" or "digest"). A proper cryptographic hash function has three key properties:
- One-way (pre-image resistance): given a hash, it should be computationally infeasible to find an input that produces that hash. You cannot "decrypt" a hash.
- Avalanche effect: a one-bit change in the input should change roughly half the bits in the output.
- Collision resistance: it should be infeasible to find two different inputs that produce the same hash.
Hashes are used for verifying file integrity (checksums), storing passwords (with a slow hash like bcrypt or Argon2 — never SHA alone), digital signatures, content-addressable storage (Git, IPFS), blockchain, and many other applications. The SHA-2 family (SHA-256, SHA-384, SHA-512) is currently the most widely used hash family in the world.
Which hash should I use?
For new applications, use SHA-256. It is the default for TLS certificates, JWT signatures (RS256, ES256), Bitcoin, Git, and most modern systems. SHA-384 and SHA-512 are slightly more secure but produce longer hashes (96 and 128 hex chars respectively vs 64 for SHA-256) — usually overkill. SHA-1 is broken for collision resistance and should not be used for any security-sensitive purpose; it is included here only for verifying legacy data.
Can I use this to hash passwords?
No. SHA-256 is a fast hash, which makes it terrible for password storage. An attacker with a modern GPU can try billions of SHA-256 guesses per second. For password storage, use a slow, salted hash function specifically designed for the purpose: Argon2id (the winner of the Password Hashing Competition), bcrypt, or scrypt. These are deliberately slow and memory-hard to make brute-force attacks infeasible.
What encoding is the output in?
Lowercase hexadecimal. Each byte of the hash digest becomes two hex characters. SHA-256 always produces 32 bytes (64 hex chars), regardless of input size.
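The following is an added example, not this tool's own source code: it computes the same four digests with crypto.subtle.digest, encodes them as lowercase hex, measures the avalanche effect between two inputs that differ by one bit, and checks a digest against a published checksum. The helper names (getSubtle, toHex, digestHex, hashAll, bitDifference, matchesChecksum) and the sample inputs are assumptions made for illustration.

```javascript
// Added example: helper names are hypothetical, inputs are constructed samples.
const ALGORITHMS = ['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512'];

// SubtleCrypto is a global in browsers and recent Node.js; older Node.js exposes it via node:crypto.
async function getSubtle() {
  return globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;
}

// Each digest byte becomes exactly two lowercase hex characters.
function toHex(buffer) {
  return Array.from(new Uint8Array(buffer), (b) => b.toString(16).padStart(2, '0')).join('');
}

// Hash a string (encoded as UTF-8) with one algorithm and return the hex digest.
async function digestHex(algorithm, text) {
  const subtle = await getSubtle();
  return toHex(await subtle.digest(algorithm, new TextEncoder().encode(text)));
}

// Compute all four digests at once, keyed by algorithm name.
async function hashAll(text) {
  const entries = await Promise.all(ALGORITHMS.map(async (a) => [a, await digestHex(a, text)]));
  return Object.fromEntries(entries);
}

// Count the bits that differ between two equal-length hex digests (avalanche effect).
function bitDifference(hexA, hexB) {
  if (hexA.length !== hexB.length) throw new RangeError('digest lengths differ');
  let bits = 0;
  for (let i = 0; i < hexA.length; i += 2) {
    let x = parseInt(hexA.slice(i, i + 2), 16) ^ parseInt(hexB.slice(i, i + 2), 16);
    for (; x; x >>= 1) bits += x & 1;
  }
  return bits;
}

// Integrity check: compare against a published checksum, tolerating case and stray whitespace.
async function matchesChecksum(algorithm, text, expectedHex) {
  return (await digestHex(algorithm, text)) === expectedHex.trim().toLowerCase();
}
```

"abc" and "abb" differ in a single input bit, so bitDifference over their SHA-256 digests should land near 128 of the 256 output bits.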
Is my input sent to a server?
No. The Web Crypto API runs entirely in your browser. Your input never leaves your device.