MD5 & SHA Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes online. Free hash calculator for text strings.

Input Text

About Hash Generator

This tool generates cryptographic hashes using MD5, SHA-1, SHA-256, and SHA-512 algorithms. All hashing is done in your browser using the Web Crypto API — your data never leaves your device.

Supported Algorithms

MD5 — 128-bit hash, widely used for checksums (not secure for passwords)
SHA-1 — 160-bit hash, legacy use
SHA-256 — 256-bit hash, industry standard for security
SHA-512 — 512-bit hash, maximum security

Video Tutorial

2:40

Video coming soon — full transcript available below

Chapters

Full transcript searchable

0:00

What are cryptographic hashes and why they matter

Welcome to this tutorial on the Hash Generator. A cryptographic hash function takes any input and produces a fixed-length output called a hash or digest. The same input always produces the same hash, but even a tiny change in the input completely changes the hash. Hashes are one-way — you cannot reverse a hash to get the original input. This makes them ideal for three main use cases: verifying file integrity with checksums, detecting data tampering, and as a component in password storage systems.

0:32

Generating all four hash types at once

Open the Hash Generator on ToolPilot.dev. Type or paste any text into the input field — a file path, a password, a message, any string. Click Generate. The tool instantly shows you four hashes simultaneously: MD5, SHA-1, SHA-256, and SHA-512. Each algorithm produces a hash of different length. MD5 produces 32 hex characters, SHA-1 produces 40, SHA-256 produces 64, and SHA-512 produces 128. All four are generated using the browser's built-in Web Crypto API.

1:05

MD5 vs SHA-256: when to use which

MD5 is fast but cryptographically broken — collision attacks are possible. Use MD5 only for non-security purposes like file checksums where you control both sides, or legacy systems. SHA-1 is also deprecated for security use. SHA-256 is the current standard for most security applications and is part of the SHA-2 family. SHA-512 provides extra security margin and is preferred for password hashing contexts. For new applications, always use SHA-256 or SHA-512.

1:40

Use case: file checksum verification

When you download software from the internet, the download page often provides an MD5 or SHA-256 checksum. After downloading, you generate a hash of the downloaded file and compare it to the provided checksum. If they match, the file is intact and hasn't been corrupted or tampered with. While this tool works with text, the same principle applies to file checksums — the hash uniquely identifies the file's content.

2:10

Use case: API request signing

Many APIs use HMAC-SHA256 to sign requests. You concatenate the request method, path, timestamp, and body, then hash it with a secret key. This tool helps you understand the expected hash format during API integration debugging. You can manually compute what the hash should be for a given input to verify your client-side signing implementation is correct.

2:30

Browser-only processing & privacy

All hashing is performed locally in your browser using the Web Crypto API — a secure, built-in browser API for cryptographic operations. Nothing you type is ever transmitted to a server. This makes it safe to hash sensitive strings like passwords or API keys for debugging purposes. For production systems, always hash passwords server-side with a proper password hashing algorithm like bcrypt or Argon2.

Transcript covers all 6 chapters (2:40 total).

Frequently Asked Questions

What is a hash function?

A hash function is a mathematical algorithm that converts input data of any size into a fixed-length string of characters (the hash or digest). The same input always produces the same hash, and even a tiny change in input produces a completely different hash.

What is MD5 used for?

MD5 produces a 128-bit (32-character hex) hash. It is used for file integrity verification, checksums, and non-security database lookups. MD5 is cryptographically broken — do not use it for password hashing or security-critical applications.

What is SHA-256 used for?

SHA-256 produces a 256-bit (64-character hex) hash and is part of the SHA-2 family. It is used for digital signatures, SSL/TLS certificates, Bitcoin mining, and secure password hashing (as part of bcrypt/PBKDF2 derivation).

Can I reverse a hash to get the original text?

No. Hash functions are one-way — reversing them is computationally infeasible by design. However, short or common strings can be found via rainbow table lookups. Never store passwords as simple MD5 or SHA-1 hashes.

What is the difference between MD5, SHA-1, SHA-256, and SHA-512?

MD5 (128-bit) and SHA-1 (160-bit) are older and cryptographically broken. SHA-256 (256-bit) and SHA-512 (512-bit) are part of the secure SHA-2 family. Always prefer SHA-256 or SHA-512 for new applications.

How do I verify a file download using a hash?

Software releases often include an MD5 or SHA-256 checksum. Generate the hash of your downloaded file using a terminal command (sha256sum on Linux/Mac) and compare it to the published checksum. If they match, the file is intact.

Is SHA-256 safe for password storage?

Raw SHA-256 is not recommended for passwords because it is too fast — attackers can compute billions of hashes per second. Use slow hashing algorithms like bcrypt, Argon2, or PBKDF2 with a random salt for password storage.

What is a hash collision?

A hash collision occurs when two different inputs produce the same hash output. MD5 and SHA-1 are vulnerable to intentional collisions, making them unsuitable for digital signatures and security certificates.

How long is a SHA-256 hash?

A SHA-256 hash is 256 bits long, which is typically represented as a 64-character hexadecimal string. A SHA-512 hash is 512 bits, represented as 128 hex characters.

Can I generate an HMAC with this tool?

The Hash Generator produces plain hashes without a key. For HMAC (Hash-based Message Authentication Code), which requires a secret key, use a programming language: in Python, use hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest().

Code Examples

Ready-to-use implementations in popular programming languages. Copy, paste, and run.

Generate Hashes in JavaScript

// SHA-256 hash using Web Crypto API
async function sha256(text) {
  const data = new TextEncoder().encode(text);
  const hashBuffer = await crypto.subtle.digest('SHA-256', data);
  const hashArray = Array.from(new Uint8Array(hashBuffer));
  return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}

// Usage
sha256('Hello, World!').then(hash => console.log(hash));
// dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f

Generate Hashes in Python

import hashlib

text = 'Hello, World!'

# SHA-256
sha256 = hashlib.sha256(text.encode()).hexdigest()
print(f'SHA-256: {sha256}')

# MD5 (not for security, useful for checksums)
md5 = hashlib.md5(text.encode()).hexdigest()
print(f'MD5: {md5}')

# SHA-512
sha512 = hashlib.sha512(text.encode()).hexdigest()
print(f'SHA-512: {sha512}')

Generate Hashes in Go

package main

import (
	"crypto/sha256"
	"fmt"
)

func main() {
	data := []byte("Hello, World!")

	// SHA-256 hash
	hash := sha256.Sum256(data)
	fmt.Printf("SHA-256: %x\n", hash)
}

Generate Hashes in Bash

# SHA-256 hash
echo -n 'Hello, World!' | sha256sum

# MD5 hash
echo -n 'Hello, World!' | md5sum

# SHA-512 hash
echo -n 'Hello, World!' | sha512sum

# Hash a file
sha256sum myfile.txt

Related Workflow Guides

🔐 API Auth Debugging: JWT → JSON → Hash → 🛡️ Secure Config: Generate Passwords → Hash → Encode Base64 → 🎫 Manage API Tokens: Decode JWT → Verify Hash → Encode Secrets → 🆔 Design ID Systems: Generate UUIDs → Hash → Format as JSON →

Compare with alternatives

Toolpilot vs MD5HashGenerator.com Toolpilot vs SHA256Generator.com