Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes instantly

SHA-256 (recommended)

—

SHA-1 (legacy — not for security)

—

SHA-384

—

SHA-512

—
🔒 Hashing runs in your browser via the Web Crypto API. Your input is never uploaded. Tip: click a hash to copy it.

Type any text and this tool computes its SHA-1, SHA-256, SHA-384 and SHA-512 hashes live, using your browser's built-in cryptography. Click any result to copy it. Nothing is sent to a server.

What is a hash?

A cryptographic hash function takes any input — a word, a file, a gigabyte of data — and produces a fixed-length string of hex digits called a digest. It has three defining properties: it's deterministic (the same input always gives the same hash), it's one-way (you can't work backwards from the digest to the input), and even a one-character change produces a completely different result (the "avalanche effect"). SHA-256, for instance, always returns 64 hex characters no matter how big the input is.

Hashing is not encryption

This trips people up: encryption is reversible with a key; hashing is not reversible at all. There's no key and no "unhash" — the original data genuinely cannot be recovered from the digest. That's exactly why hashing is used to verify things rather than to hide and later reveal them.

When and why you'd use it

Worked examples

hello → SHA-256 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 — always 64 hex characters.
Hello (capital H) produces a totally different digest — a tiny change avalanches through the whole output.
The empty string has a fixed, well-known SHA-256 — hashing is deterministic, so it never changes.

Frequently asked questions

Can I reverse a hash back to the original text?

No — hashing is one-way by design. "Hash crackers" don't reverse anything; they just hash huge lists of guesses and look for a match, which is why weak or common inputs are still risky.

Where's MD5?

Browsers' Web Crypto API deliberately omits MD5 (and it's cryptographically broken — collisions are easy to produce). We only offer the SHA family. Avoid MD5 and SHA-1 for anything security-related; use SHA-256 or stronger.

Do two different inputs ever share a hash?

In theory yes (a "collision"), but for SHA-256 finding one is computationally infeasible. For MD5 and SHA-1, collisions have been produced — another reason they're retired for security use.

Is my input sent anywhere?

No. Hashing happens locally with crypto.subtle.digest. Nothing leaves your device.

Hashing alone is not password storage. A plain SHA-256 of a password is fast to brute-force. Real password storage needs a unique random salt plus a deliberately slow algorithm like bcrypt, scrypt, or Argon2. Use SHA hashes for integrity/checksums, not as your password scheme.