Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 — all at once, all in your browser. Hash any string or local file. Your data never leaves your machine.
Live computation, no submit needed.
Frequently asked questions
Is my input sent to a server?
No. All hashing runs in your browser. SHA-1, SHA-256, SHA-384, and SHA-512 use the built-in Web Crypto API. MD5 uses spark-md5 (a small JavaScript library) since the Web Crypto API doesn't include MD5. Your text or file never leaves your machine.
Which hash algorithm should I use?
SHA-256 is the modern default for most use cases — secure, fast, widely supported. Use SHA-512 if you need extra collision resistance. MD5 and SHA-1 are cryptographically broken; only use them for non-security checksums (file integrity, Etag generation, deduplication keys), never for passwords or signatures.
Why is MD5 still here if it's broken?
MD5 collisions can be crafted by attackers, so it's unsafe for cryptography (passwords, digital signatures, certificates). But it's still useful for non-adversarial integrity checks: detecting accidental file corruption, Etag-style cache keys, deduplication, etc. We include it because developers still legitimately need it.
What's the difference between hex and base64?
They're different ways of encoding the same hash bytes. Hex uses 0–9 and a–f (each byte = 2 chars). Base64 uses A–Z, a–z, 0–9, +, / (each 3 bytes = 4 chars), so it's shorter. Pick whichever the consuming system expects — many APIs accept both, some require one specifically.
Can I hash a file?
Yes. Switch to File mode and drop a file or click to browse. The file is read into memory in your browser and hashed locally — it's not uploaded anywhere. Works for any file type. Larger files take a moment to read; the bottleneck is disk I/O, not hashing.
Why hash the same input five times?
We compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 in parallel so you can grab whichever the consuming system expects without re-doing the work. Specs and APIs vary: AWS uses SHA-256, Git uses SHA-1, some legacy systems still use MD5, NIST recommendations now prefer SHA-2 and SHA-3.
Are these hashes the same as `sha256sum` or `openssl dgst` in the terminal?
Yes — bit-for-bit identical, given the same input bytes. The hex output of `echo -n 'hello' | sha256sum` matches what this tool produces for the string 'hello'. Watch out for trailing newlines: `echo` adds one, `echo -n` doesn't, and `cat file` includes whatever is in the file.
Can I use this to hash passwords?
No — please don't. Plain SHA-256 of a password is unsafe for storage because attackers can brute-force it with rainbow tables. Use a purpose-built password hash like bcrypt, scrypt, or Argon2id (with a per-user salt and a high cost factor). This tool is for general-purpose hashing, not password storage.