Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files. Essential for data integrity verification, security, and cryptographic applications.
128-bit hash (legacy, not recommended for security)
160-bit hash (legacy, not recommended for security)
256-bit hash (recommended for most use cases)
512-bit hash (highest security)
Hash functions are mathematical algorithms that take input data of any size and produce a fixed-size string of characters. They're designed to be one-way functions, meaning you can't reverse the hash to get the original data.
Support for MD5, SHA-1, SHA-256, and SHA-512 hash functions.
Instant hash generation as you type or upload files.
Upload text files to generate hashes directly.
All processing happens in your browser for security.
Cryptographic hash functions are mathematical algorithms that convert input data of any size into a fixed-size output. They form the foundation of modern cybersecurity and blockchain technology.
| Algorithm | Output Size | Security | Status |
|---|---|---|---|
| MD5 | 128 bits | Broken | Legacy only |
| SHA-1 | 160 bits | Weak | Deprecated |
| SHA-256 | 256 bits | Strong | Recommended |
| SHA-512 | 512 bits | Strongest | High security |
SHA-256 offers the best balance of security and performance for most applications. SHA-512 provides higher security but is slower. MD5 and SHA-1 are fast but insecure.
Bitcoin uses SHA-256 for proof-of-work mining. Miners compete to find a hash with specific leading zeros.
Blockchain transactions are organized in Merkle trees using hash functions for efficient verification.
Hash functions enable digital signatures by creating a unique fingerprint of transactions and messages.
Each block contains the hash of the previous block, creating an immutable chain.
Ethereum uses Keccak-256 (different from SHA-3) for addresses, state trees, and smart contracts.
Different blockchains use hash functions in various consensus algorithms beyond proof-of-work.
Never store passwords in plain text. Use specialized password hashing functions with salt:
Salt prevents rainbow table attacks by adding unique random data to each password before hashing. Use cryptographically secure random salt for each password.
PBKDF2, bcrypt, scrypt, and Argon2 are designed to be slow, making brute-force attacks impractical. They incorporate iteration counts and memory requirements.
Hash checksums verify file integrity during downloads and transfers:
Hash functions detect unauthorized database modifications. Store row hashes to verify data hasn't been tampered with between reads.
Law enforcement uses hash functions to prove digital evidence hasn't been altered. Hash values serve as digital fingerprints in court proceedings.
Pre-computed tables of common passwords and their hashes. Defeated by using unique salts for each password.
When two different inputs produce the same hash. MD5 and SHA-1 have known collision attacks.
Hash-based Message Authentication Code. Combines hash function with secret key for message authentication.
Computational puzzle requiring finding input that produces hash with specific properties (like leading zeros).
Systems like IPFS use hash of content as the address. Ensures immutability and deduplication.
Probabilistic data structure using multiple hash functions to test set membership efficiently.
Modern CPUs include SHA instruction sets (Intel SHA Extensions, ARM Crypto Extensions) that dramatically speed up SHA-256 computations for supported algorithms.
For large files, streaming hash computation (processing chunks) uses constant memory compared to loading entire file. Most hash APIs support incremental updates.
const encoder = new TextEncoder();
const data = encoder.encode('Hello World');
const hashBuffer = await crypto.subtle.digest('SHA-256', data);
const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray.map(b =>
b.toString(16).padStart(2, '0')).join('');const crypto = require('crypto');
// Simple hash
const hash = crypto.createHash('sha256')
.update('Hello World')
.digest('hex');
// Streaming hash
const stream = crypto.createHash('sha256');
stream.update('chunk1');
stream.update('chunk2');
const result = stream.digest('hex');A: For general security purposes, use SHA-256. For high-security applications, consider SHA-512. Never use MD5 or SHA-1 for security purposes. For passwords, use bcrypt, scrypt, or Argon2 instead of regular hash functions.
A: No, cryptographic hash functions are designed to be one-way. However, weak passwords can be cracked using brute force, dictionary attacks, or rainbow tables. This is why salting and proper password hashing functions are essential.
A: SHA-256 has a longer output (256 vs 128 bits), making collisions much harder to find. MD5 has known collision vulnerabilities and can be broken in seconds. SHA-256 has no known practical attacks and is considered cryptographically secure.
A: Generate a hash of the original file and store it securely. Later, hash the file again and compare. If the hashes match, the file is unchanged. Any modification will produce a completely different hash value.
A: Bitcoin uses SHA-256(SHA-256(data)) to prevent length extension attacks and provide additional security margin. This double hashing pattern is common in cryptocurrency protocols and adds robustness against potential cryptographic weaknesses.
A: The avalanche effect means that changing even a single bit in the input results in approximately half the output bits changing. This property ensures that similar inputs produce completely different hashes, making patterns undetectable.
A: Hash tables use hash functions to convert keys into array indices for fast data lookup. Unlike cryptographic hashes, these focus on speed and uniform distribution rather than security. Common algorithms include MurmurHash and CityHash.
A: SHA-256 and SHA-512 are considered quantum-resistant because quantum computers can only reduce their security by half (Grover's algorithm). SHA-256 would still provide 128-bit security even against quantum attacks, which remains practically secure.