DevToolbox

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for text and files. Compare hashes or compute HMACs.

About This Tool

The Hash Generator computes cryptographic hash digests for text and files directly in your browser. It calculates MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously, so you can compare results across algorithms without running separate commands. HMAC signatures are also used in JSON Web Tokens — decode and verify them with our JWT tool.

SHA-256 and SHA-512 are computed using the browser's built-in Web Crypto API, which provides hardware-accelerated, constant-time implementations. MD5 is computed using the spark-md5 library, as the Web Crypto API does not support MD5. SHA-1 is included for compatibility but should not be used for security-critical purposes, as it is considered cryptographically broken.

The File tab accepts drag-and-drop or file browsing and hashes the file contents directly — useful for verifying downloads. The Compare tab checks whether two hash strings match (case-insensitive). The HMAC tab generates keyed-hash message authentication codes using SHA-1, SHA-256, or SHA-512.

All processing happens client-side. Your text, files, and secrets are never transmitted to any server. For encoding binary hash output as text, use the Base64 encoder. Need a secure random string instead? Try the Password Generator.

How to Use

  1. In Text mode, type or paste text. All four hash digests appear instantly.
  2. In File mode, drag and drop a file or click browse. The file is hashed entirely in your browser.
  3. In Compare mode, paste two hashes to check whether they match (case-insensitive comparison).
  4. In HMAC mode, enter a message, secret key, and select an algorithm. The HMAC updates as you type.
  5. Click the copy icon next to any hash to copy it to your clipboard.

About This Tool

View all 30 hash algorithm guides →

FAQ

Is my data safe?

Yes. All hashing runs in your browser using the Web Crypto API and the spark-md5 library. No data is sent to any server.

Which algorithm should I use?

For security purposes, use SHA-256 or SHA-512. MD5 and SHA-1 are considered cryptographically broken and should only be used for checksums or legacy compatibility.

What is an HMAC?

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to produce a message authentication code. It is used to verify both the integrity and authenticity of a message.

Can I hash large files?

Yes. The file is read into memory as an ArrayBuffer and hashed using the Web Crypto API, which is hardware-accelerated. Files up to several hundred MB work well; very large files may be limited by available browser memory.

Why is MD5 still included if it's broken?

MD5 is still widely used for non-security purposes like file checksums, cache keys, and deduplication. Many download pages still list MD5 hashes for verification. It should not be used for passwords or digital signatures.

Related Tools

Base64 Encode/Decode

Encode and decode Base64 strings and files with drag-and-drop support.

UUID Generator

Generate, validate, and inspect UUIDs in v4 and v7 formats.

JWT Decoder

Decode JSON Web Tokens to inspect header, payload, and verify signatures.

Password Generator

Generate secure passwords and passphrases with entropy-based strength analysis.

Text Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM using a password. All processing in your browser.

HMAC Generator

Generate HMAC signatures using MD5, SHA-1, SHA-256, SHA-384, and SHA-512 with hex or Base64 output.

ROT13 / Caesar Cipher

Encode and decode text using ROT13 or custom Caesar cipher rotation.