Hash calculator

What is a cryptographic hash?

A cryptographic hash function maps an input of any size to a fixed-length output called a digest. This tool implements MD5 (128-bit output), SHA-1 (160-bit), and the SHA-2 family — SHA-256, SHA-384, and SHA-512, named for output bit length.

A useful hash is deterministic, fast, one-way (you cannot recover the input from the digest), and exhibits the avalanche property: flipping a single input bit changes roughly half the output bits. Different uses — integrity checks, signatures, content addressing — rely on different subsets of these properties.

How it works

Each algorithm processes the input in fixed-size blocks, mixing them through a compression function until the entire input is absorbed. SHA-1 produces 20 bytes, SHA-256 produces 32 bytes, SHA-512 produces 64 bytes. The output is conventionally written as lowercase hex.

SHA-1, SHA-256, SHA-384, and SHA-512 are available natively in the browser through the Web Crypto API's crypto.subtle.digest(). MD5 has no native support — every modern platform considers it broken — so it is computed by a small in-browser implementation here for legacy interoperability.

When to use this tool

• Verifying a downloaded file against the publisher's checksum.
• Computing a content-addressed identifier for caching, deduplication, or rsync-style change detection.
• Generating an ETag for an HTTP response.
• Checking that two strings or files are byte-identical when only the digests are practical to share.
• Inspecting a known-good signature input before producing or verifying a digital signature.

Common pitfalls

• Never use these for password hashing. Argon2id, bcrypt, or scrypt are designed to be slow and memory-hard. Raw cryptographic hashes are fast on purpose — the wrong property against an attacker brute-forcing a stolen database.
• MD5 and SHA-1 are broken for collision resistance. Researchers can construct two inputs that hash to the same value (SHA-1 chosen-prefix collisions were demonstrated in 2017). Do not rely on either to detect intentional tampering.
• Length-extension attacks affect MD5, SHA-1, SHA-256, and SHA-512. Constructions like hash(secret || message) let an attacker append data without the secret. Use HMAC-SHA-256 instead.
• Hex case matters in string comparisons. Lowercase is conventional; a tool that uppercases will not byte-equal one that does not, even for the same digest.
• Hashing a string requires committing to an encoding (almost always UTF-8). Tools that disagree on encoding produce different digests for the same visible string.

Frequently asked

Which hash should I use?

SHA-256 for general integrity work. SHA-512 if you need the larger digest. HMAC-SHA-256 for message authentication. Argon2id, bcrypt, or scrypt — never a raw hash — for passwords.

Is SHA-256 still secure?

Yes. No practical collision attack exists against SHA-256 as of 2026, and the NSA-designed SHA-2 family remains the default in TLS, code signing, and most modern protocols.

Can I still use MD5 for anything?

For non-adversarial integrity checks (cache keys, deduplication keys, accidental-corruption detection), yes. Anywhere an attacker might engineer a collision, no.

Why does my checksum differ from another tool?

Common causes: line-ending normalization (CRLF versus LF), text-mode encoding mismatch (UTF-8 versus UTF-16), or a stray trailing newline. Compare bytes, not visible text.

Does this work on large files?

Yes — hashing happens in your browser, so memory is the only limit. Multi-gigabyte inputs may be slow but will not leave the device.