Is MD5 still safe to use?

No — MD5 is cryptographically broken. Collisions can be generated in seconds on consumer hardware. It's fine for non-security uses like file checksums and cache keys, but never use it for digital signatures, password storage, or anything where an attacker benefits from finding collisions.

Which hash should I use?

For integrity checking of non-adversarial data, SHA-256 is the modern default. For password storage, use a dedicated password hash like Argon2, bcrypt, or scrypt — NEVER plain SHA-anything, because fast hashes are easy to brute-force.

Is my input sent to a server?

No. SHA hashes use the browser's native Web Crypto API. MD5 uses an in-page JavaScript implementation. Your text never leaves the device.

Does it support large inputs?

Yes. Hashing is streaming-friendly; typical browsers handle tens of megabytes of text without issue. Very large inputs may take a fraction of a second.

Hash Generator — MD5, SHA-1, SHA-256, SHA-512

Compute all four common cryptographic hashes of any text at once. Runs entirely in your browser — SHA via native Web Crypto, MD5 via in-page JavaScript.

Uppercase output

MD5 — 128-bit

SHA-1 — 160-bit

SHA-256 — 256-bit

SHA-512 — 512-bit

What is a hash function?

A cryptographic hash function takes input of any length and produces a fixed-size string — the "digest." Good hash functions are one-way (you can't reverse them), deterministic (the same input always produces the same output), and sensitive to change (flipping one bit in the input completely changes the output). They're used to verify file integrity, create content addresses, and — with the right construction — store passwords.

The four hashes this tool computes

MD5 (128 bits) — designed in 1991. Cryptographically broken but still used for non-security checksums and cache keys.
SHA-1 (160 bits) — designed in 1995. Also broken for security (SHAttered attack in 2017), still used in legacy Git commits and certificates.
SHA-256 (256 bits) — part of the SHA-2 family. The modern default for integrity checking, used in TLS, Bitcoin, and most file-verification workflows.
SHA-512 (512 bits) — SHA-2's largest variant. Slightly faster than SHA-256 on 64-bit hardware and produces a longer digest when you need more collision resistance.

How to use

Type or paste text into the input panel (or upload a file).
All four hashes compute live as you type.
Click Copy on any row to copy that digest.
Toggle uppercase if your target system expects uppercase hex.

Common use cases

File integrity — verify a downloaded file matches the publisher's checksum.
Cache keys — derive a stable identifier for a piece of content.
Git / content-addressable storage — Git uses SHA-1 (and now SHA-256) for commit IDs.
API signatures — many APIs use HMAC-SHA-256 for request signing.
Deduplication — detect identical files without comparing byte-by-byte.

Don't use these for passwords

Generic cryptographic hashes like SHA-256 are too fast for password storage. A modern GPU computes billions of SHA-256 digests per second, so a leaked password database can be brute-forced quickly. For passwords, use a password hash function designed to be slow and memory-hard: Argon2, bcrypt, or scrypt. Those include per-password salts and tunable work factors.

Privacy

All hashing is local. SHA variants use the browser's native crypto.subtle.digest. MD5 is implemented in JavaScript inside this page. Nothing is uploaded.

Frequently Asked Questions

Why is MD5 still around if it's broken?

Can I hash binary files?

What about SHA-3 and BLAKE2/3?

Why are hashes shown in hex?

Hash Generator — MD5, SHA-1, SHA-256, SHA-512

Need to scan documents to real PDFs?

What is a hash function?

The four hashes this tool computes

How to use

Common use cases

Don't use these for passwords

Privacy

Frequently Asked Questions

Related tools

Base64 Encode

Password Generator

All Tools