January Sale - Secure Your Passwords
NordPass

Free Hash Generator

Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text. Runs entirely in your browser using the native Web Crypto API (for SHA family) and a self-contained MD5 implementation. Nothing is uploaded.

Type something above to see all hash digests.

When to use which algorithm

  • MD5 — fast, broken. Use only for non-security purposes: file deduplication, ETags, cache keys.
  • SHA-1 — also broken for security since 2017. Avoid for new systems; still used in git internally.
  • SHA-256 — the modern default. Used by Bitcoin, TLS certificates, JWT signing, and almost everything new.
  • SHA-384 / SHA-512 — same family as SHA-256, larger output. Slight speed advantage on 64-bit CPUs.

Common uses

  • Verifying downloads — compare the published SHA-256 of a file against your own hash.
  • HMAC signing — sign API requests; pair with our JWT secret generator.
  • Detecting duplicates — hash file contents, group by hash.
  • Content-addressable storage — hash is the key. Git uses SHA-1, IPFS uses multihash.

Why not hash passwords with this?

Password storage needs a slow, salted hash function. SHA-256 is far too fast — an attacker with a single GPU can try billions of guesses per second. For passwords use bcrypt (or Argon2 in newer systems). Bcrypt has a tunable cost parameter that intentionally slows it down to milliseconds per hash.

Frequently asked questions

A hash is a fixed-length fingerprint of any input. SHA-256 always produces 64 hex characters whether you hash 1 byte or 1 gigabyte. Hashes are one-way: you cannot recover the input from the hash.

For new systems, use SHA-256 or SHA-512. SHA-1 and MD5 are broken for security purposes (collisions exist) — use them only for non-cryptographic purposes like file deduplication or cache busting.

No. Passwords need a slow, salted hash like bcrypt or Argon2. Use our bcrypt generator instead. SHA-256 is fast — that's great for general use but bad for passwords, where speed helps attackers.

SHA-256 produces 256 bits (64 hex chars), SHA-512 produces 512 bits (128 hex chars). SHA-512 is roughly equally secure on 64-bit CPUs and slightly faster than SHA-256 for large inputs. Pick by your output-size requirements.

Yes. All hashing happens in your browser via SubtleCrypto (SHA-1/256/384/512) and a self-contained MD5 implementation. Nothing is sent to a server.

Related tools

NordVPN