Free Online Hash Generator
Generate cryptographic hash values from text or files using SHA-1, SHA-256, and SHA-512 algorithms, all powered by the browser's native Web Crypto API. Paste any text string — a password, an API key, a document — and see all three hash digests simultaneously, so you can choose the right algorithm for your use case without switching tools. Switch to file mode to drag and drop any file and compute its hash for integrity verification — confirm a download is untampered, verify a backup, or check that two files are identical. Each hash row has its own copy button and an uppercase/lowercase toggle so output matches the format your system expects. SHA-256 is the current industry standard for checksums and digital signatures. SHA-512 offers a longer digest for applications requiring higher collision resistance. SHA-1 is shown for legacy compatibility only — it is no longer considered secure for cryptographic purposes. All hashing runs entirely in your browser using crypto.subtle.digest — no data is ever sent to a server.
Frequently Asked Questions
A cryptographic hash is a fixed-length fingerprint produced by running data through a mathematical function. The same input always produces the same output (deterministic), but even a one-character change produces a completely different hash (avalanche effect). Hashes are one-way — you cannot reverse a hash back to the original data. They are used for verifying file integrity, storing passwords securely, and creating digital signatures.
All three are members of the SHA (Secure Hash Algorithm) family. SHA-1 produces a 160-bit (40 hex character) digest and is no longer considered secure for cryptographic purposes due to demonstrated collision attacks. SHA-256 produces a 256-bit (64 hex character) digest and is the current standard for certificates, code signing, and checksums. SHA-512 produces a 512-bit (128 hex character) digest, offering the highest collision resistance of the three.
Download the file and note the expected hash published by the software provider. Switch to File mode in this tool, drop the file into the upload area, and compare the generated hash against the expected value. If they match exactly (every character), the file is unaltered. Even a single flipped bit produces a completely different hash, so a match guarantees integrity.
You should not use raw SHA-256 (or any fast hash) to store passwords. Fast hashes can be brute-forced at billions of attempts per second on a GPU. For passwords, use a slow, memory-hard algorithm like bcrypt, scrypt, or Argon2 — these are purpose-built for password storage and are supported by all modern authentication libraries.
No. All hashing is performed entirely in your browser using the Web Crypto API (crypto.subtle.digest). For text, the string is encoded with TextEncoder and hashed locally. For files, the FileReader API reads the file into memory locally and passes it to the crypto API — the file data never leaves your device.
Hash digests are hexadecimal strings that are case-insensitive — 'a3f' and 'A3F' represent the same value. However, different systems have different expectations: Linux checksums and most developer tools output lowercase, while some Windows tools and certificate utilities output uppercase. The toggle lets you match the format your target system expects.
Related Tools
Discover more free utilities to enhance your productivity.