Using MD5 or SHA-1 for security
MD5 and SHA-1 are broken for collision resistance; keep them for legacy checksums and compatibility checks, not security decisions.
Hash Generator Online | MD5, SHA-256 and SHA-512 Checksums
EncodingRuns in Your Browser (No Uploads)
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text with instant, in-browser results. Use it for checksums, fingerprints, webhook debugging, and integrity checks. For password storage, use bcrypt, scrypt, or Argon2 instead.
Loading…
What to do next
Continue with a related workflow or open the next tool that usually follows this task.
Workflow guide
Base64 decode an API payload
Use this workflow when an API response, webhook, cookie, or configuration value contains Base64 text that needs to be inspected before debugging.
OpenRelated toolBase64 Encoder and Decoder Online | UTF-8 and URL-Safe Text
Encode or decode Base64 text with UTF-8 support and local-only processing.
OpenRelated toolJWT Decoder Online | Decode Claims, Header and Expiration
Decode JWT header, payload, claims, and expiration locally.
OpenRelated toolUUID v4 Generator Online | Bulk GUIDs with Web Crypto
Generate bulk UUID v4 and GUID values locally with format options.
OpenHow to Use This Tool
- 1
Enter or paste text (all Unicode supported).
- 2
In Live mode, MD5, SHA-1, SHA-256, and SHA-512 update as you type.
- 3
Copy any hexadecimal digest with one click.
- 4
Compare against a published checksum to verify file integrity.
When to Use This Tool
File Integrity and Checksum Verification
Compute a digest and compare it with a vendor-published checksum to confirm a download or copied value was not modified.
Webhook and API Signature Debugging
Check whether a webhook body, signed message, or canonical request string matches the digest expected by your integration.
Content Fingerprints and Deduplication
Use digests as stable fingerprints to deduplicate content, compare text snapshots, or build content-addressable references.
Blockchain and Merkle Tree Learning
Understand how hashes support block fingerprints, proof-of-work examples, and Merkle-tree style verification.
Cache Keys and Test Fixtures
Generate consistent digests for cache keys, sharding tests, fixture IDs, and indexing experiments.
Password Hashing Education
Learn password hashing concepts, then use a dedicated slow hash such as Argon2, bcrypt, or scrypt in production.
Common Mistakes
Hashing passwords directly
Passwords need slow, salted password hashing such as Argon2, bcrypt, or scrypt. A raw SHA digest is too fast for safe password storage.
Comparing different input bytes
Whitespace, newlines, character encoding, and file mode changes produce different digests even when text looks similar.
Examples
Create a SHA-256 checksum for a release
Hash a release note, payload, or manifest string and publish the digest so users can compare their local copy.
Input
web-utils-release-2026-05-13Output
SHA-256: d36a4170ae98dcf5050e74ae158ca5693ade7c3853370ee27907db4f6b557253See how small input changes alter a digest
A one-character change produces a completely different digest, which is useful when validating configuration, webhook payloads, or copied data.
Input
invoice-total=1250
invoice-total=1251Output
Different MD5/SHA digests are produced for each line.Cryptographic Hashes (Brief)
A cryptographic hash maps arbitrary input bytes to a fixed-length digest and is designed to be one-way.
Useful properties include determinism, collision resistance, and the avalanche effect: small input changes create very different digests.
Prefer SHA-256 or SHA-512 for integrity work; MD5 and SHA-1 are deprecated for security but still appear in legacy checksum workflows.
Frequently Asked Questions
Q.Is hashing the same as encryption? Can I reverse a hash?
A. No. Hashing is one-way and irreversible, while encryption is reversible with the correct key. You cannot "decode" a cryptographic hash.
Q.Which hash algorithm should I use?
A. Use SHA-256 or SHA-512 for modern integrity and fingerprinting work. Keep MD5/SHA-1 only for legacy or non-security checks such as quick compatibility checksums.
Q.Can two different inputs produce the same hash (collision)?
A. Yes, collisions can exist in theory. There are practical collisions for MD5 and SHA-1; no practical collision attacks are known for SHA-256/512 today.
Q.Is it safe to store passwords as hashes?
A. Do not store passwords with MD5, SHA-1, SHA-256, or SHA-512. Use dedicated password hashing functions like bcrypt, scrypt, or Argon2 with salts and proper parameters.
Q.Does this hash generator upload my input?
A. No. Hashes are computed locally in your browser from the text you enter. Nothing is uploaded or stored by this tool.
Related workflow guides
Use these focused guides when you need a practical workflow before opening the tool.
Workflow guide
Base64 decode an API payload
Use this workflow when an API response, webhook, cookie, or configuration value contains Base64 text that needs to be inspected before debugging.
Workflow guideVerify a file checksum with SHA-256
Use this workflow when a vendor, GitHub release, or teammate gives you a checksum and you need to confirm that the file you downloaded has not changed.
Workflow guideDecode a JWT safely before debugging authentication
Use this workflow when a login, API request, or permission check fails and you need to inspect token claims before changing auth code.
Workflow guideCreate a QR code for any link
Use this workflow when a URL needs to move from paper, a slide, a package, or a physical sign into a phone camera quickly.
Workflow guideGenerate UUIDs for realistic test data
Use this workflow when you need realistic unique identifiers for examples, tests, seeded records, or temporary objects without exposing production IDs.
Workflow guideInspect HTTP response headers before debugging APIs
Use this workflow when a browser request, API response, redirect, or CDN cache behaves differently than expected and you need a clean header-level view first.
Related Tools
Explore more developer tools
Base64 Encoder and Decoder Online | UTF-8 and URL-Safe Text
Encode or decode Base64 text with UTF-8 support and local-only processing.
Encoding
JWT Decoder Online | Decode Claims, Header and Expiration
Decode JWT header, payload, claims, and expiration locally.
Security
UUID v4 Generator Online | Bulk GUIDs with Web Crypto
Generate bulk UUID v4 and GUID values locally with format options.
Converter