Input source
0 chars

Hashes

Type or paste text above to compute MD5, SHA-1, SHA-256, and SHA-512 hashes.

Generate MD5, SHA-1, SHA-256 and SHA-512 hashes in your browser

Hashing turns any input into a fixed-length fingerprint that lets you verify a file downloaded intact, detect tampering, or generate a stable ID for arbitrary data. This tool computes all four common digests at once — MD5, SHA-1, SHA-256, and SHA-512 — for either text you paste in or any file you select, and shows each result in both hexadecimal and Base64.

How to use this tool

Choose Text to type or paste content; the hashes recompute roughly 300ms after you stop typing. Choose File and pick a local file to hash its raw bytes. Each algorithm row has a Hex/Base64 toggle and a one-click Copy button so you can paste a checksum directly into a release note, SRI attribute, or verification command.

Verifying downloads with a checksum

Many open-source projects publish a SHA-256 (or SHA-512) digest alongside their installer or archive. After downloading, hash the file here, then compare the result to the published digest character by character. Matching digests mean the file is intact; any difference — even one character — means the file was modified or corrupted in transit.

Privacy and security

Everything happens inside your browser. The Web Crypto API computes the SHA family on a background thread, MD5 is implemented in plain JavaScript, and your file or text never touches a server. That makes this tool safe for proprietary or sensitive files where uploading to an online service would be inappropriate.

Questions

Frequently asked questions

What is a hash function?

A hash function is a one-way algorithm that turns any input — text or a file — into a fixed-length string of characters called a digest. The same input always produces the same digest, and even a single-byte change produces a completely different one, which makes hashes useful for verifying file integrity, fingerprinting data, and indexing.

Which hash algorithm should I use?

For integrity checks where collision resistance matters, prefer SHA-256 or SHA-512. SHA-1 is still widely used for git commits and legacy checksums but is no longer considered collision-resistant. MD5 is fast and useful for file fingerprinting or non-security checksums but should not be used for digital signatures or password storage.

Why are MD5 and SHA-1 still included if they're broken?

Both are still used heavily in practice — MD5 for download checksums, ETags, and cache keys; SHA-1 for git, legacy PGP, and many older protocols. This tool computes them so you can verify or migrate from existing systems. For new security-sensitive work, choose SHA-256 or SHA-512.

What's the difference between hex and Base64 output?

Both encodings represent the same bytes, just differently. Hex uses 0–9 and a–f and is twice as long as the raw digest. Base64 packs the bytes more compactly (about 33% larger than the raw digest) and is common in HTTP headers, JWTs, and Subresource Integrity (SRI) attributes. Pick whichever format your other tool or platform expects.

Is my data uploaded anywhere?

No. All hashing runs locally in your browser. SHA-1, SHA-256, and SHA-512 use the built-in Web Crypto API (crypto.subtle.digest). MD5, which the browser does not provide natively, is computed with an in-browser JavaScript implementation. Files are read with FileReader and never leave your device.