Skip to content

Text Tools

Generate a hash

SHA-1 through SHA-512, computed by the browser's own cryptographic engine.

  • Free, no signup
  • No upload — runs on your device
  • No watermark
  • Unlimited use

Hash Generator

Processed locally

There is no MD5 here, and that is deliberate

MD5 and SHA-1 are both broken for any security purpose. Collisions in MD5 can be produced in seconds on a laptop; SHA-1 collisions were demonstrated in 2017 and are now cheap. Neither belongs anywhere near a signature, a certificate or a password.

The browser's WebCrypto API declines to implement MD5 at all — a deliberate refusal by the standards body to make the wrong choice available. SHA-1 is included only because legacy systems still verify against it, and it appears here for the same reason. If you are checksumming a download or comparing two files, SHA-256 is the correct default and has no meaningful downside.

The other thing worth being clear about: hashing a password is not the same as storing it securely. Password storage requires a slow, salted function — bcrypt, scrypt or Argon2 — precisely because SHA-256 is fast, and speed is what makes a stolen hash database brute-forceable.

How it works

  1. Choose an algorithm
  2. Type or paste your text
  3. The hash updates live — copy it
Why nothing uploads. Every operation on this page happens inside your browser using JavaScript and WebAssembly. Your file is read into memory, processed, and offered back as a download. It is never transmitted. Disconnect from the internet after this page loads and the tool keeps working.

Frequently asked questions

Why is MD5 not offered?
Because the browser's WebCrypto API does not implement it. MD5 collisions can be generated in seconds, so it has no legitimate security use. SHA-256 is the correct default.
Is SHA-1 safe to use?
Not for anything security-related. Collisions were demonstrated in 2017. It is included only for verifying against legacy systems that have not migrated.
Can I use this to hash passwords?
No. Password storage needs a slow, salted algorithm like bcrypt, scrypt or Argon2. SHA-256 is fast by design, which is exactly what makes a stolen database of SHA-256 password hashes crackable.
What is a hash useful for then?
Verifying that a file or message has not changed. Compare the hash of what you received against the hash the sender published — if they differ by a single character, the content differs.
Is my text sent anywhere to be hashed?
No. The browser's WebCrypto API computes it locally. Nothing is transmitted.