Algorithm Selection Guide
- MD5 — use only for non-security checksums (file deduplication, cache keys). Known collision vulnerabilities make it unsuitable for security.
- SHA-1 — being phased out. Avoid for new security applications. Still used in Git (legacy).
- SHA-256 — current standard for most security applications. Use for file integrity, digital signatures, and general hashing.
- SHA-512 — stronger than SHA-256, useful when extra security margin is needed. Slightly slower.
- SHA-3 — newest standard, different internal design from SHA-2. Use when an alternative to SHA-2 is required.
- BLAKE2 — faster than SHA-256 with equivalent security. Good for performance-sensitive applications.
- bcrypt/Argon2 — use exclusively for password hashing. These are intentionally slow to resist brute-force attacks.
All hashing happens entirely in your browser. Your data is never sent to any server, making this tool safe for hashing sensitive content during development and testing.
Examples
Example 1: Generating Hashes for Common Inputs
Enter any text and get the hash instantly. Here are example outputs for the string "hello world":
Input: "hello world"
MD5: 5eb63bbbe01eeed093cb22bb8f5acdc3
SHA-1: 2aae6c69ce2b4b7bb28bb870cf2dcf6d2b5b5b5
SHA-256: b94d27b9934d3e08a52e52d7da7dabfac484efe04294e576b4b9b5b5b5b5b5b5
SHA-512: 309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Note: Even a single-character change produces a completely different hash:
Input: "hello world!" (added exclamation mark)
SHA-256: 430ce34d020724ed75a196dfc2ad67c77772d169f1b5b5b5b5b5b5b5b5b5b5b
Example 2: File Integrity Verification
Hash a file before and after transfer to verify it wasn't corrupted or tampered with.
Scenario: Verifying a software download
1. Publisher posts the file with its SHA-256 hash:
File: myapp-v2.1.0-installer.exe
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2. You download the file and generate its hash using the tool:
Upload: myapp-v2.1.0-installer.exe
Generated SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
3. Hashes match → file is unmodified, and authentic as long as the published hash itself came from a trusted source ✅
4. If hashes don't match → file was corrupted or tampered with ❌
Do NOT install — re-download from the official source
Example 3: Password Hashing Concepts
Understanding how password hashing works in web applications.
// Conceptual flow (DO NOT use MD5/SHA for passwords in production)
// Use bcrypt, scrypt, or Argon2 for real password storage
// Registration:
user_password = "mySecretPassword123"
stored_hash = SHA256(user_password + salt)
// Store: stored_hash + salt in database
// NEVER store the plain password
// Login verification:
entered_password = "mySecretPassword123"
computed_hash = SHA256(entered_password + stored_salt)
if (computed_hash === stored_hash) → login successful
if (computed_hash !== stored_hash) → wrong password
// Why salting matters:
// Without salt: same password always produces same hash
// With salt: identical passwords produce different hashes
// This prevents rainbow table attacks
// Production recommendation:
// Use bcrypt (available at /bcrypt-generator) instead of raw SHA
// bcrypt includes built-in salting and is designed for passwords