Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for text or files. All hashes update in real time as you type.
Paste any text or upload any file, and get its cryptographic hash in MD5, SHA-1, SHA-256, or SHA-512. Hashing happens entirely in your browser via the WebCrypto API — your input never leaves the page.
A cryptographic hash is a fixed-size fingerprint of an input of any size. The same input always produces the same hash; any change to the input — even one bit — produces a completely different hash. The hash is one-way: you cannot reverse it back to the input.
Two everyday uses follow from those properties:
Encryption is reversible with a key. Hashing is not reversible at all. The single most common misunderstanding about cryptography is treating these as interchangeable.
If someone says “the password is encrypted,” ask whether they mean encrypted (where the plaintext can be recovered with the right key) or hashed (where it cannot be recovered, only verified by re-hashing the candidate). The answer determines what happens if the database leaks. An encrypted password column is recoverable by anyone who also gets the encryption key; a hashed password column is not directly recoverable, only attackable.
MD5 was designed in 1991 and produces a 128-bit hash. Deprecated for cryptographic purposes since the early 2000s, when efficient collision attacks were discovered — meaning two different inputs can be constructed that produce the same MD5 hash. Still used widely for non-security purposes: file integrity checks against accidental corruption, deduplication, hash tables. Do not use MD5 for password hashing, signatures, or any case where an attacker could control the input.
SHA-1 produces a 160-bit output. Designed by the NSA, standardized in 1995. Practical collision attacks were demonstrated in 2017 (Google's SHAttered). Like MD5, still acceptable for non-adversarial integrity checks but not for anything security-relevant. Most systems have migrated off it.
SHA-256 is part of the SHA-2 family, designed in 2001. It produces a 256-bit hash. No practical collision or preimage attacks are known. The right pick for any use case where you need a cryptographic-grade hash today: file integrity checks for security-sensitive downloads, content-addressable storage, digital signatures, blockchain identifiers, anywhere a hash is acting as an identifier or fingerprint.
SHA-512 is also from the SHA-2 family and produces a 512-bit hash. On 64-bit hardware, it is sometimes faster than SHA-256 because it processes 64-bit words natively. Use when you specifically need the longer output — usually because a downstream system requires it, not because SHA-256 was insufficient.
Why you should not hash passwords with these
Modern browsers expose hashing through crypto.subtle.digest(), which runs the actual hashing in native code (the same compiled primitives used by TLS in the browser). For a few-megabyte file, the operation completes in milliseconds. There is no meaningful performance reason to send the file to a server for hashing — the browser is faster than the round trip.
For very large files (multi-GB), the tool reads the input in chunks and feeds them through the hasher progressively, so the entire file does not need to fit in memory at once.
The whole operation is one of those local-first computations with no good reason to involve a server — your file, your machine, your hash.
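An added example (not this tool's own code) of the `crypto.subtle.digest()` call described above, used to check data against a published checksum. The names `digestHex` and `verifyChecksum`, and the policy of refusing SHA-1 unless explicitly allowed, are assumptions of this example.

```javascript
// Added example: verify data against a published checksum with WebCrypto.
// Runs in browsers; the require() fallback is only reached on older Node.js.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Hex length of a digest -> algorithm (output sizes as listed on this page).
const BY_HEX_LENGTH = { 40: 'SHA-1', 64: 'SHA-256', 128: 'SHA-512' };
// Assumed policy: algorithms with practical collisions are refused by default.
const COLLISION_BROKEN = new Set(['SHA-1']);

// Hash a string (as UTF-8) or a byte buffer and return lowercase hex.
async function digestHex(algorithm, data) {
  const bytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
  const hash = await subtle.digest(algorithm, bytes); // resolves to an ArrayBuffer
  return Array.from(new Uint8Array(hash), b => b.toString(16).padStart(2, '0')).join('');
}

// Returns { ok, algorithm, reason } for a published hex checksum.
async function verifyChecksum(data, published, { allowBroken = false } = {}) {
  const expected = published.trim().toLowerCase();
  if (!/^[0-9a-f]+$/.test(expected)) {
    return { ok: false, algorithm: null, reason: 'not hex' };
  }
  if (expected.length === 32) {
    // 128-bit checksum: MD5 is not among the algorithms WebCrypto offers.
    return { ok: false, algorithm: 'MD5', reason: 'MD5 unsupported by WebCrypto' };
  }
  const algorithm = BY_HEX_LENGTH[expected.length];
  if (!algorithm) {
    return { ok: false, algorithm: null, reason: 'unknown digest length' };
  }
  if (COLLISION_BROKEN.has(algorithm) && !allowBroken) {
    return { ok: false, algorithm, reason: 'collision-broken algorithm refused' };
  }
  const actual = await digestHex(algorithm, data);
  const ok = actual === expected;
  return { ok, algorithm, reason: ok ? 'match' : 'mismatch' };
}
```

`crypto.subtle.digest()` takes the whole input as a single buffer and does not accept MD5, so MD5 output and chunk-by-chunk hashing of very large files need a separate incremental hasher.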