About this tool
A cryptographic hash function maps input of any size to a fixed-length digest, deterministically: the same bytes always produce the same hash, while a one-character change cascades into a completely different output. This tool computes five common digests side by side — MD5 (128-bit), SHA-1 (160-bit), and the SHA-2 family SHA-256, SHA-384 and SHA-512. The SHA functions run through the browser's native Web Crypto API; MD5, which Web Crypto deliberately omits, is implemented in JavaScript to RFC 1321.
Use it to verify a download against a published checksum, confirm two files are byte-for-byte identical, generate cache keys or content-addressed identifiers, fingerprint a payload before storing it, or sanity-check that a hash your backend produced matches what the client sees. Switch to File mode to hash any file by dragging it in — the bytes are read locally via ArrayBuffer and never uploaded.
MD5 and SHA-1 are broken for security purposes — collisions are practical — so use them only for checksums and integrity checks, never for passwords or signatures; reach for SHA-256 or stronger there.
Frequently asked questions
What is the difference between MD5, SHA-1 and SHA-256?
They are different hash algorithms producing digests of different lengths: MD5 is 128-bit, SHA-1 is 160-bit, and SHA-256 is 256-bit. MD5 and SHA-1 are considered cryptographically broken because collisions can be engineered, while SHA-256 (part of the SHA-2 family) is still regarded as secure.
Is hashing the same as encryption?
No. Hashing is a one-way function — you cannot reverse a digest back into the original input — whereas encryption is reversible with the right key. Hashes are used for integrity verification and fingerprinting, not for keeping data confidential.
Are my text and files uploaded to a server?
No. All hashing happens entirely in your browser: SHA digests use the native Web Crypto API and MD5 runs in JavaScript, and files are read locally through ArrayBuffer. Nothing is ever sent over the network.