← All Tools
Free Tool

Hash Generator

MD5, SHA-1, SHA-256, SHA-384 and SHA-512 of any UTF-8 string. SHA family uses the Web Crypto API. MD5 is hand-rolled from RFC 1321 because Web Crypto refuses to expose it. Everything runs inside your tab.

Length: 0 chars · 0 bytes
Enter text above to compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 digests.

FAQ

Why use this instead of openssl on the command line?

openssl on the command line is faster for files and for shell pipelines. This tool exists for the case where you need a quick hash of a string from a browser context — verifying a JWT signing input, checking a Git commit hash, computing a fingerprint to paste into a ticket — without leaving the browser or opening a terminal. The output is identical byte-for-byte to what openssl, sha256sum or python -c 'import hashlib' would produce for the same UTF-8 input.

Why does the page still ship MD5 if MD5 is broken?

MD5 is cryptographically broken — collision attacks on it have been practical since 2008 (the rogue CA hack). But it is still very widely used as a non-security checksum: file integrity, deduplication keys, ETags, Docker image layer IDs, legacy database lookups. The tool ships an MD5 implementation so practitioners can compute those values without falling back to an online MD5 service that might log their input. Do not use MD5 for password hashing, signatures or anything where collisions matter.

Is the SHA implementation from a library?

SHA-1, SHA-256, SHA-384 and SHA-512 are computed via the W3C Web Cryptography API (crypto.subtle.digest), which is implemented natively in every modern browser. No JavaScript SHA library is bundled. MD5 is hand-rolled directly from RFC 1321 because Web Crypto deliberately omits MD5 — the W3C decided not to expose a known-broken primitive through the secure API surface.

Does the output match other reference implementations?

Yes. Sample test vector — input "abc" (3 ASCII bytes) — produces MD5 900150983cd24fb0d6963f7d28e17f72, SHA-1 a9993e364706816aba3e25717850c26c9cd0d89d, SHA-256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad. Those are the canonical values published in FIPS 180-4 and RFC 1321 Appendix A.5.

Can I hash a file with this?

Not in this version — the input is a textarea. A file-hash version is straightforward (FileReader + crypto.subtle.digest on the ArrayBuffer) and may ship later. For files today, browser-based hashing is well supported but for anything multi-GB you are better off with sha256sum, certutil -hashfile, or Get-FileHash on PowerShell.