Can I use SHA-256 to hash passwords in my app?

No. SHA-256 is too fast — attackers can test billions of guesses per second on cheap GPU hardware. For passwords, use bcrypt, Argon2id, or scrypt, which are intentionally slow and include salting by design. This tool is for file integrity and data verification, not password storage.

Is it safe to type sensitive data into this tool?

Yes. All hashing runs entirely inside your browser using the built-in Web Cryptography API and client-side JavaScript. No text is sent to any server. You can verify this by turning off your network connection and the tool will still work normally.

Why does changing one character produce a completely different hash?

This is called the avalanche effect and it is a deliberate property of cryptographic hash functions. Even flipping a single bit in the input cascades through the algorithm's internal state, causing roughly half of all output bits to change. It ensures you cannot learn anything about the relationship between two inputs by comparing their hashes.

MD5 is 'broken' — so why is it still used anywhere?

MD5's weakness is specific: an attacker can craft two different inputs that produce the same hash. But if you are only checking whether a file was accidentally corrupted during transfer over a trusted network (not an adversarial scenario), MD5 still reliably catches random bit errors. The problems start when someone is actively trying to forge content that matches a known MD5 hash. For those cases, use SHA-256 minimum.

What is the difference between a hash and a checksum?

A checksum (like CRC32) is designed to detect accidental corruption and is computationally simple. A cryptographic hash like SHA-256 is designed to also resist deliberate tampering — it is computationally infeasible to find a different input that produces the same output. SHA-256 can serve as a checksum, but a CRC32 cannot serve as a security-grade hash.

How do I verify a file download using SHA-256?

Run 'shasum -a 256 yourfile.zip' on macOS/Linux (or 'Get-FileHash yourfile.zip -Algorithm SHA256' in Windows PowerShell). Then paste the expected hash from the software publisher into this tool along with the computed hash and compare character by character. Alternatively, hash a string representation and use the tool to cross-check implementation correctness in code.

Bcrypt & SHA Hash Generator

#️⃣ Hash Generator

MD5 · SHA-1 · SHA-256 · SHA-512 — computed entirely in your browser. Nothing is sent anywhere.

Text / String to Hash

MD5 (128-bit) SHA-1 (160-bit) SHA-256 (256-bit) SHA-512 (512-bit)

Enter text above and click Generate.

Copied to clipboard!

What Hashing Actually Does to Your Data

When you pass a string through a hash function, you get back a fixed-length fingerprint. Feed in "password123" and SHA-256 spits out a 64-character hex string. Feed in the same string a microsecond later and you get the exact same 64 characters. Change even one letter — one bit, really — and the output looks entirely different. This property, called the avalanche effect, is why hashing underpins so much of modern software security.

But hashing is not encryption. You cannot reverse a hash to recover the original input through any standard mathematical operation. That is by design. The algorithms described here — MD5, SHA-1, SHA-256, and SHA-512 — are one-way functions, which makes them useful for verifying data without storing or transmitting the data itself.

MD5: Old Workhorse, Wrong Job

MD5 dates to 1992 and produces a 128-bit (32 hex character) digest. For years it was everywhere: file downloads showed MD5 checksums, early databases stored MD5-hashed passwords, SSL certificates used it internally. Then researchers demonstrated collision attacks — two different inputs producing the same output — and the whole security premise collapsed.

A practical collision attack against MD5 today takes seconds on ordinary hardware. This means an attacker can craft a malicious file that produces the same MD5 hash as a legitimate one, making MD5-based integrity checks completely unreliable in adversarial contexts.

Where MD5 still makes sense: non-security checksums. Checking whether a large file was corrupted during transfer over a trusted network, or deduplicating files in a local database where nobody is actively trying to forge content. The moment there is an adversary in the picture, MD5 is the wrong choice. If you are hashing passwords, stop — use bcrypt, Argon2, or scrypt instead.

SHA-1: Sunset Is Not Optional

SHA-1 (Secure Hash Algorithm 1) produces a 160-bit digest and was the industry workhorse through the 2000s. HTTPS certificates, Git commit identifiers, code signing — SHA-1 was everywhere. Google's SHAttered attack in 2017 demonstrated a practical SHA-1 collision for the first time: two different PDF files with the same SHA-1 hash. The attack was computationally expensive but absolutely real.

All major browsers stopped accepting SHA-1 TLS certificates years ago. Git itself has been incrementally migrating toward SHA-256 object identifiers. SHA-1 is now in the same category as MD5 for security purposes: acceptable for non-adversarial integrity checks on trusted networks, completely unacceptable for authentication, code signing, or any context where a determined attacker might try to forge hashes.

Interestingly, SHA-1 is still used internally in many Git repositories for the simple reason that switching hash functions for a distributed version control system with years of history is genuinely hard. This does not make it safe — it means the ecosystem has not fully migrated yet.

SHA-256: The Current Standard

SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex character) digest. No practical collision or preimage attacks are publicly known. The cryptographic community considers it secure for general use, and it serves as the backbone of Bitcoin's proof-of-work algorithm, TLS 1.3, most modern code signing pipelines, and digital certificate infrastructure worldwide.

The 256-bit output space is staggeringly large — 2^256 possible values. Even if every computer on Earth computed a trillion SHA-256 hashes per second, finding a collision by brute force would take longer than the current age of the universe by many orders of magnitude. Side-channel attacks and implementation bugs remain theoretical risks, but the algorithm itself is sound.

For file integrity verification where you control both sides — downloading a software package and checking the provided SHA-256 checksum, for example — SHA-256 gives you genuine confidence that the bits you received match what the publisher released.

SHA-512: When You Need Extra Headroom

SHA-512 produces a 512-bit (128 hex character) output from the SHA-2 family. It is computationally similar to SHA-256 but operates on 64-bit words rather than 32-bit, which means it can actually be faster than SHA-256 on 64-bit processors despite producing a longer output. On 32-bit hardware the situation reverses.

The practical security difference between SHA-256 and SHA-512 is mostly theoretical at this point. Both are considered unbroken. SHA-512 gives you additional margin against future advances in cryptanalysis or quantum computing, though even SHA-256 is considered quantum-resistant for practical purposes with appropriate key lengths.

Where SHA-512 shows up in practice: HMAC constructions for API authentication tokens, signing high-value documents, key derivation functions, and any system where the organization's threat model extends decades into the future.

How to Use This Tool in Your Workflow

The most common use case is verifying a downloaded file. Software projects publish SHA-256 or SHA-512 checksums alongside their releases. After downloading, paste the file's content (or the hash from a terminal command like shasum -a 256 filename) and compare with the published value. A mismatch means the file was corrupted or tampered with in transit.

Developers use hash generators to test database migration scripts — hashing a known input and confirming the stored hash matches what the application produces. This catches encoding bugs (UTF-8 vs Latin-1 discrepancies, for instance) before they hit production. Paste your test string here, note the hash, and verify your code produces the same value.

Security engineers use hash comparisons when auditing authentication systems. If you have a legacy database with hashed passwords and need to confirm which algorithm was used, known-input hashing quickly identifies the format. A 32-character hex string is MD5. 40 characters is SHA-1. 64 is SHA-256. 128 is SHA-512.

All computation in this tool happens entirely within your browser using the Web Cryptography API (SubtleCrypto) for SHA-256 and SHA-512, and well-tested pure JavaScript implementations for MD5 and SHA-1. No text ever leaves your device. This matters when you are hashing anything sensitive — API keys, partial passwords, confidential document contents. The page does not make network requests to generate your hashes.

The Password Hashing Trap

A word of caution: none of these algorithms should be used to hash passwords in an authentication system. MD5 and SHA-1 are broken for this purpose outright. SHA-256 and SHA-512, despite being cryptographically sound, are too fast — purpose-built password crackers can attempt billions of SHA-256 hashes per second using commodity GPUs.

Password hashing requires slowness by design. Algorithms like bcrypt, Argon2, and scrypt deliberately consume time and memory, making brute-force attacks expensive even if an attacker obtains the hash database. If you are building an authentication system, use those algorithms through your language's standard library, not a raw SHA hash.

These tools are for data integrity and verification — confirming that a file, message, or value is exactly what it claims to be. Used in that context, SHA-256 and SHA-512 remain thoroughly reliable tools in the security practitioner's kit.

#️⃣ Bcrypt & SHA Hash Generator