Hash Generator

About the Hash Generator

The Hash Generator computes MD5, SHA-1, SHA-256, SHA-512, and bcrypt digests of text or files (up to 5 MiB) entirely in your browser. SHA-2 family hashes use the native Web Crypto API (NIST FIPS 180-4); MD5 uses spark-md5; bcrypt uses bcryptjs with a configurable cost factor (4-12). The five algorithms run in parallel against the same input, so you can read every digest you might need from one paste — useful for verifying a download against a published checksum, fingerprinting an X.509 certificate, deduplicating a content store, or hashing a password during local development. Compare any computed digest against an expected value with one keystroke. Nothing is uploaded; the input bytes never leave the tab.

Updated: May 7, 2026

How to use the hash generator

  • Type or paste text into the input area, or drop a file (up to 5 MiB) onto the file picker. Larger files are rejected with a fixed error message; for gigabyte-scale inputs use sha256sum on Linux, shasum -a 256 on macOS, or openssl dgst on either.
  • Each algorithm row updates live as you edit. Toggle the per-row encoding between lowercase hex (the default, matching sha256sum), uppercase hex (matching Windows CertUtil and PowerShell Get-FileHash), and standard RFC 4648 base64 (more compact for JSON payloads).
  • Click Copy on any row to drop the digest into your clipboard. Click the algorithm name to focus that row.
  • Paste a known digest into the "Compare with expected hash" field — every algorithm row that matches lights up green, every mismatch lights up red. Useful for verifying installer images, Git object IDs, TLS certificate fingerprints, and Docker layer digests in one shot.
  • For bcrypt, choose a cost factor (10 is the OWASP 2026 minimum) and the row produces a salted modular-crypt hash starting with $2a$ or $2b$. Paste a full bcrypt hash into the compare field to verify a candidate password against it.

Common use cases

  • File integrity verification. Download an installer, container image, or release artifact, then paste the publisher's SHA-256 (or sometimes SHA-512) into the compare field. The generator confirms a match in milliseconds, without invoking a command line. Common publishers: Apache Foundation, Linux distributions, Docker Hub, GitHub release pages, and HashiCorp project downloads.
  • Password hashing for local development. bcrypt with a development-grade cost factor (cost 10) gives the same modular-crypt format your production server stores, useful for generating test fixtures, seeding a development database, or running a migration script that needs a known-good hash.
  • API request signing. HMAC-SHA-256 (RFC 2104) is the de facto standard for AWS Signature V4, Stripe webhooks, GitHub webhooks, and Slack request verification. Compute SHA-256 over the canonical request and use it as the inner part of an HMAC computation to verify or generate signatures inline.
  • Content-addressable storage. Git, IPFS, and Docker all use SHA-256 (or, in legacy Git repos, SHA-1) as the primary content addressing scheme. Compute the digest of a blob locally to look it up by ID without checking out the full repository.
  • Forensic chain-of-custody. SHA-256 digests of evidence files preserve a tamper-evident record of the bytes at the time of collection. The generator runs locally, which is the requirement for forensic workflows that explicitly forbid uploading evidence to third-party services.

Privacy and security

All five algorithms run in your browser. SHA-1, SHA-256, and SHA-512 use crypto.subtle.digest — the same primitive that powers HTTPS handshakes and Subresource Integrity. MD5 uses the lazy-loaded spark-md5 module (about 3 KB after gzip). bcrypt uses bcryptjs, lazy-loaded only when the bcrypt row is active. There is no upload, no server round-trip, no logging, and no analytics on input content. Plaintext is never written to localStorage and never URL-synced — refreshing the page clears the input field. Disconnect from the network and the generator continues to work without a hiccup.

Tips and pitfalls

  • MD5 has been collision-broken since 2004 (Wang et al.) and chosen-prefix-attacked since 2008 (Sotirov et al., used in the Flame malware certificate). Do not use it for digital signatures, certificate fingerprints, or password hashing. It is still acceptable for non-adversarial integrity checks (cache keys, deduplication, ETags) where collisions are random rather than chosen.
  • Always salt password hashes. Bare SHA-256 of a password is broken by rainbow tables and consumer GPUs that compute billions of digests per second. Use bcrypt (this tool), scrypt, or Argon2id (preferred for new systems per OWASP and the Password Hashing Competition).
  • bcrypt cost is a logarithmic slowdown. Cost 10 = 1024 internal Blowfish rounds (~150ms in the browser). Cost 12 = 4096 rounds (~600ms). Each step doubles the attacker's GPU cost. The OWASP 2026 minimum is 10; cost 12 is appropriate for high-value secrets where extra latency is acceptable.
  • SHA-256 vs. SHA-3 in 2026: SHA-256 (FIPS 180-4) remains the workhorse for fingerprints, signatures, and integrity. SHA-3/Keccak (FIPS 202) was standardized in 2015 as a structurally different alternative; it is not faster and not stronger in practice — its main role is providing a fallback hash family in case a future weakness is found in SHA-2. Most ecosystems still default to SHA-256.
  • Trailing newlines are the #1 cause of mismatched hashes between this tool and command-line utilities. echo "hello" emits 6 bytes (5 letters plus \n); typing hello in this tool sends 5 bytes. Use echo -n "hello" | sha256sum, or printf "%s" hello | sha256sum, for an apples-to-apples comparison.
  • Hex is case-insensitive in spec but case-sensitive in string equality. Lowercase is the default in Linux utilities (sha256sum, openssl dgst); uppercase is the default in Windows tools (CertUtil, Get-FileHash). The compare field is case-insensitive so you can mix sources without manual normalization.

Frequently Asked Questions

MD5 vs. SHA-256 — which should I use?
SHA-256 for any security-relevant work: signatures, fingerprints, certificate pinning, content addressing, message authentication. MD5 only for non-adversarial integrity (cache keys, deduplication, ETags) and matching legacy checksums. MD5 has been collision-broken since 2004 and chosen-prefix-attacked since 2008; SHA-256 has no known practical collisions in 2026.
Why bcrypt over SHA for passwords?
bcrypt is intentionally slow and salted. SHA-256 is intentionally fast — modern GPUs compute billions of SHA-256 hashes per second, which is exactly the wrong property for password storage. bcrypt embeds a per-password random salt (defeating rainbow tables) and a configurable cost factor (slowing brute-force by 4-6 orders of magnitude). For new systems, Argon2id is preferred; bcrypt remains widely deployed and is the OWASP-acceptable second choice.
What is a salt and why does bcrypt always include one?
A salt is a per-password random value mixed into the hash so that identical passwords produce different outputs. Without salts, an attacker who steals a password database can match every user against pre-computed rainbow tables of common passwords. bcrypt generates a fresh 16-byte salt per call and embeds it into the output (the 22-character base64 segment after $2a$10$), so the same password stored twice produces two different hashes — both verify correctly.
Why does my hash differ from sha256sum on Linux?
Almost always a trailing newline. echo "hello" writes 6 bytes (hello plus \n); pasting hello here sends 5 bytes. Use echo -n "hello" | sha256sum or printf "%s" hello | sha256sum for an apples-to-apples comparison. Less common causes: UTF-8 BOM, Windows CRLF line endings, or unintended whitespace at the end of the line.
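
To find out which of these causes applies, hash each byte-level variant of the visible text and see which one reproduces the digest you were given. This is an added example, not the tool's own code; the function names and the sample digest are assumptions made for illustration.

```javascript
// Added example: helper names are hypothetical, not the tool's source.
// SHA-256 via Web Crypto, the primitive the page says the tool uses.
async function sha256Hex(bytes) {
  // Browsers and current Node expose crypto globally; older Node needs the import.
  const c = globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  const buf = await c.subtle.digest("SHA-256", bytes);
  return Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Byte-level variants of the same visible text, one per cause named above.
function candidateEncodings(text) {
  const enc = new TextEncoder();
  const withBom = (s) => Uint8Array.from([0xef, 0xbb, 0xbf, ...enc.encode(s)]);
  return [
    ["exact bytes", enc.encode(text)],
    ["trailing LF (echo without -n)", enc.encode(text + "\n")],
    ["trailing CRLF (Windows line ending)", enc.encode(text + "\r\n")],
    ["trailing space", enc.encode(text + " ")],
    ["UTF-8 BOM prefix", withBom(text)],
    ["UTF-8 BOM prefix and trailing LF", withBom(text + "\n")],
  ];
}

// Returns the label of the first variant whose SHA-256 equals expectedHex, or null.
async function explainMismatch(text, expectedHex) {
  const want = expectedHex.trim().toLowerCase();
  for (const [label, bytes] of candidateEncodings(text)) {
    if ((await sha256Hex(bytes)) === want) return label;
  }
  return null;
}

// Constructed sample: the digest printed by `echo "hello" | sha256sum`.
const ECHO_HELLO = "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03";
explainMismatch("hello", ECHO_HELLO).then((cause) => console.log(cause));
```

A null result means the difference is not one of the listed byte-level causes, so compare the inputs with a hex dump instead.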
Can I verify a downloaded file?
Yes. Drop the file onto the file picker (max 5 MiB), then paste the publisher's expected SHA-256 (or SHA-1, SHA-512) into the compare field. A green badge means a match. For files larger than 5 MiB, use sha256sum (Linux), shasum -a 256 (macOS), Get-FileHash -Algorithm SHA256 (Windows), or openssl dgst -sha256 (any platform with OpenSSL) — all of which stream from disk without loading the whole file into memory.
How do I compare hashes from different tools?
The compare field accepts any common encoding: lowercase hex (sha256sum default), uppercase hex (CertUtil default), or RFC 4648 base64. Comparison is case-insensitive for hex. Mixed-encoding compare works as long as both encodings represent the same digest bytes; the field auto-detects which encoding it received.
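
One way to build such an encoding-agnostic comparison is to decode the expected value to raw bytes before comparing. This is an added example, not the tool's own code; the function names are hypothetical and the sample values are the SHA-256 of the five bytes "hello".

```javascript
// Added example: hypothetical helper names, not the tool's source.
// Digest lengths in bytes for the fixed-length hashes this page covers.
const DIGEST_BYTES = { 16: "MD5", 20: "SHA-1", 32: "SHA-256", 64: "SHA-512" };

function hexToBytes(hex) {
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  return out;
}

function base64ToBytes(b64) {
  return Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
}

// Decode an expected digest given as hex (any case) or RFC 4648 base64.
// Hex is tried first: every hex digit is also a valid base64 character, so a
// hex digest fed to the base64 branch would decode to unrelated bytes.
function parseExpected(text) {
  const s = text.trim();
  if (/^[0-9a-fA-F]+$/.test(s) && DIGEST_BYTES[s.length / 2]) {
    return { encoding: "hex", bytes: hexToBytes(s) };
  }
  if (/^[A-Za-z0-9+/]+={0,2}$/.test(s) && s.length % 4 === 0) {
    const bytes = base64ToBytes(s);
    if (DIGEST_BYTES[bytes.length]) return { encoding: "base64", bytes };
  }
  return null; // neither encoding yields a known digest length
}

function bytesEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Returns the algorithm name when the expected text encodes the same bytes, else null.
function matchDigest(computedBytes, expectedText) {
  const exp = parseExpected(expectedText);
  if (!exp || !bytesEqual(computedBytes, exp.bytes)) return null;
  return DIGEST_BYTES[exp.bytes.length];
}

// Constructed samples: SHA-256 of the 5 bytes "hello" in two encodings.
const SAMPLE_HEX = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";
const SAMPLE_B64 = "LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=";
console.log(matchDigest(hexToBytes(SAMPLE_HEX), SAMPLE_B64));
```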
What does the cost factor mean for bcrypt?
cost is a base-2 logarithm of the iteration count: cost 10 = 1024 rounds, cost 12 = 4096 rounds, cost 14 = 16384 rounds. Each step doubles the time per hash, which doubles the attacker's brute-force cost. OWASP 2026 recommends cost 10 minimum; cost 12 is appropriate for high-value secrets. The slider is capped at 12 to keep the UI responsive in a browser tab.
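
The salt and cost fields described in the answers above can be read straight out of a stored hash, which is enough to audit a credential table without knowing any password. This is an added example, not code from bcryptjs or this tool; the names are hypothetical, the sample hashes are constructed placeholders, and the regex assumes bcrypt's own base64 alphabet (./A-Za-z0-9) and its valid cost range of 4 to 31.

```javascript
// Added example: names are hypothetical; the sample hashes are constructed
// placeholders in the right shape, not real bcrypt output.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;
const MIN_COST = 10; // minimum cost cited on this page

// Split "$2b$12$<22-char salt><31-char digest>" into its fields.
function parseBcrypt(hash) {
  const m = BCRYPT_RE.exec(String(hash).trim());
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's valid cost range
  return { version: m[1], cost, rounds: 2 ** cost, salt: m[3], digest: m[4] };
}

// Audit stored hashes: malformed entries, cost below the minimum, and salts
// that appear more than once (a sign the salt is not generated per password).
function auditHashes(hashes) {
  const seenSalts = new Map();
  return hashes.map((h, i) => {
    const p = parseBcrypt(h);
    if (!p) return { index: i, status: "malformed" };
    const firstUse = seenSalts.get(p.salt);
    if (firstUse === undefined) seenSalts.set(p.salt, i);
    const status = firstUse !== undefined ? "salt-reused"
      : p.cost < MIN_COST ? "weak-cost" : "ok";
    // workVsMin: work per guess relative to MIN_COST (doubles with each step)
    return { index: i, status, cost: p.cost, workVsMin: 2 ** (p.cost - MIN_COST) };
  });
}

const digest = "B".repeat(31);
const SAMPLE_HASHES = [
  "$2b$12$" + "a".repeat(21) + "u" + digest, // cost 12
  "$2a$08$" + "c".repeat(21) + "e" + digest, // cost 8, below the minimum
  "$2b$10$" + "a".repeat(21) + "u" + digest, // same salt as entry 0
  "0123456789abcdef0123456789abcdef",        // bare hex digest, not bcrypt
];
console.log(auditHashes(SAMPLE_HASHES));
```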
Browser support for the Web Crypto API?
Web Crypto (crypto.subtle.digest) is supported in every modern browser: Chrome 37+, Firefox 34+, Safari 11+, Edge 12+. The page falls back to the spark-md5 library only for MD5, which is not part of the Web Crypto standard. bcrypt uses pure-JavaScript bcryptjs because Web Crypto does not implement bcrypt directly.
What are the relevant RFCs and standards?
RFC 1321 (MD5), RFC 6234 (SHA family unified spec), NIST FIPS 180-4 (SHA-1, SHA-256, SHA-512), FIPS 202 (SHA-3/Keccak), Provos & Mazières 1999 (bcrypt USENIX paper), RFC 2104 (HMAC), RFC 4648 (base64 / base32 encodings used in output formats). The OWASP Password Storage Cheat Sheet is the canonical practitioner reference for password hashing choices.
Is SHA-1 still safe?
Not for adversarial use. The SHAttered attack (2017) produced two distinct PDFs with the same SHA-1 digest, and chosen-prefix collisions are now affordable (a few thousand dollars of cloud GPU time, per the SHAmbles 2020 paper). SHA-1 still appears in legacy Git repositories, older HMAC constructions, and TOTP (RFC 6238 default), where the threat model differs from collision-finding. Do not produce new SHA-1 hashes for security-relevant purposes.
What is the file size limit and why?
Files up to 5 MiB (5 × 1024 × 1024 bytes) are accepted. The cap exists to keep memory usage and main-thread time bounded — hashing a 5 MiB file completes inside 150ms on a typical mid-range device. Larger files would either freeze the page or require a streaming worker thread, which is out of scope for the in-browser tool.
Can I hash without a network connection?
Yes. Once the page bundle has loaded, hashing works fully offline. The Web Crypto API is local; spark-md5 and bcryptjs are loaded once and cached. You can verify by disconnecting the network and watching the digests update as you type.