Free Online Hash Generator

Why use Hash Generator

• Three algorithms at once -- SHA-1, SHA-256, and SHA-512 -- so you don't have to run separate conversions.
• File hashing via drag-and-drop lets you verify downloads without opening a terminal.
• Uppercase/lowercase toggle matches whatever format your target system outputs.
• Powered by the browser's Web Crypto API (crypto.subtle) -- the same implementation TLS uses.

How it works

For text input, the tool converts your string to a UTF-8 byte array using TextEncoder, then passes the bytes to crypto.subtle.digest() three times -once for each algorithm (SHA-1, SHA-256, SHA-512). The Web Crypto API performs the hash computation using the platform's native cryptographic implementation, which is typically hardware-accelerated. The resulting ArrayBuffer for each algorithm is converted to a hexadecimal string by mapping each byte to its two-digit hex representation. For file input, the FileReader API reads the dropped file into an ArrayBuffer entirely in browser memory, and that buffer is passed to the same digest functions. SHA-1 produces a 160-bit (20-byte) digest, SHA-256 produces 256 bits (32 bytes), and SHA-512 produces 512 bits (64 bytes). The avalanche property of these algorithms means that changing even a single bit in the input produces a completely different hash output.

About this tool

SHA-256 is what npm uses to verify packages, what Docker uses for image layers, and what GitHub prints next to release assets. When you need a checksum, this is probably the algorithm. Paste text or drag a file, and you'll see SHA-1, SHA-256, and SHA-512 digests simultaneously. Each row has its own copy button and a case toggle so the output matches what your target system expects -- Linux checksums are lowercase, some Windows tools output uppercase. File mode is useful for verifying a downloaded ISO or binary against the checksum on the publisher's site. If the hashes match, the file is byte-for-byte what they published. SHA-1 is shown for legacy compatibility (Git still uses it for commit hashes), but it's been broken since Google's SHAttered attack in 2017. Don't use it for anything security-sensitive. SHA-512 is the choice when you want maximum collision resistance or when you're on a 64-bit system where the wider arithmetic is actually faster. Everything runs on the browser's Web Crypto API (crypto.subtle.digest), which is the same hardened implementation used by TLS.

How to use Hash Generator

1. Paste text or drag a file. Type text into the input, or switch to File mode and drop a file into the upload zone. Both modes show SHA-1, SHA-256, and SHA-512 at once.
2. Read all three digests. SHA-1 is 40 hex characters, SHA-256 is 64, SHA-512 is 128. Use SHA-256 for modern checksums; SHA-1 only for legacy compatibility.
3. Toggle case if needed. Each row has a case toggle. Linux checksum files are lowercase; some Windows tools output uppercase.
4. Copy or compare. Click the copy icon on any row. For file verification, compare the generated hash against the expected value from the publisher's site.

Use cases

• You just downloaded a Linux ISO and need to verify it against the SHA-256 on the distro's download page. Drop the file, compare the hashes.
• You're generating content-based cache keys and need a deterministic ETag. Hash the JSON response body with SHA-256.
• During an incident response, you need to check whether two copies of a binary are identical. Hash both, compare the digests.
• You're testing a webhook signature implementation. Hash the raw POST body and compare against the X-Hub-Signature-256 header.
• A colleague sent you a config file and you want to confirm it matches the version in your backup. Hash both, see if the SHA-256 values are identical.
• You need to prove that a document hasn't been altered since a specific date. Hash it, record the digest, and the timestamp serves as evidence.