Hash Generator - MD5, SHA-256 & More
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly. All processing happens locally.
What are Hash Functions?
A hash function is a mathematical algorithm that converts input data of any size into a fixed-length string of characters (the "hash" or "digest"). Hash functions are one-way functions—you can easily compute a hash from input, but it's computationally infeasible to reverse the process and retrieve the original data.
Key properties of cryptographic hash functions:
- Deterministic: Same input always produces the same hash
- Fast computation: Quick to calculate for any input size
- Avalanche effect: Small input changes cause drastically different hashes
- Collision resistant: Extremely hard to find two inputs with the same hash
- Pre-image resistant: Cannot derive input from hash output
MD5 vs SHA-256 vs SHA-512
| Algorithm | Output Size | Security | Speed | Best For |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex) | Broken | Very Fast | Checksums only (non-security) |
| SHA-1 | 160 bits (40 hex) | Weak | Fast | Legacy systems (avoid for new) |
| SHA-256 | 256 bits (64 hex) | Strong | Fast | General purpose, Bitcoin |
| SHA-512 | 512 bits (128 hex) | Strongest | Fast on 64-bit | High-security applications |
Common Use Cases
Store password hashes instead of plaintext. Use bcrypt, scrypt, or Argon2 (with salt) for passwords—not plain SHA-256.
Verify file downloads haven't been corrupted or tampered with by comparing checksums.
Hash data before signing to create efficient, fixed-size signatures for documents and code.
Identify duplicate files or data blocks by comparing their hash values.
Example Hashes
Common strings and their hash values for testing:
Notice how a single character change creates a completely different hash!
Frequently Asked Questions
Which hash algorithm should I use?
- For passwords: Use bcrypt, scrypt, or Argon2—never plain MD5/SHA
- For file checksums: SHA-256 is the modern standard
- For quick non-security checks: MD5 is fast but avoid for security
- For maximum security: SHA-512 or SHA-3
Is MD5 secure?
No, MD5 is cryptographically broken. Collision attacks have been demonstrated since 2004. MD5 should never be used for security purposes (passwords, certificates, signatures). It's only acceptable for non-security checksums like verifying file transfers where tampering isn't a concern.
What's the difference between hashing and encryption?
| Hashing | Encryption |
|---|---|
| One-way (irreversible) | Two-way (reversible with key) |
| Fixed output size | Output size varies with input |
| No key required | Requires encryption key |
| For verification | For confidentiality |
Can two different inputs have the same hash?
Theoretically yes—this is called a "collision." Since hash outputs are fixed-length but inputs can be infinite, collisions must exist mathematically. However, for strong algorithms like SHA-256, finding a collision would take longer than the age of the universe with current technology. MD5 and SHA-1 have known practical collision attacks, which is why they're deprecated.
What is a "salt" in password hashing?
A salt is random data added to a password before hashing. It ensures that identical passwords produce different hashes, preventing rainbow table attacks. Each user should have a unique salt stored alongside their hash. Modern password hashing algorithms like bcrypt automatically handle salting.