hash-generator · sha-1 / sha-256 / sha-512
// input text
// enter text above to generate hashes
About Hash Generator
A cryptographic hash function takes any input and produces a fixed-length string (the hash or digest) that uniquely represents that input. The same input always produces the same hash, and even a single character change produces a completely different hash — making them ideal for data integrity verification, checksums, and password storage.
This tool generates SHA-1, SHA-256, and SHA-512 hashes from any text input using the browser's built-in SubtleCrypto API. All hashing happens locally — your input is never transmitted. The output is displayed in hexadecimal format, which is the standard representation for hash digests.
SHA-256 is the most widely used algorithm today — it's used in TLS certificates, Bitcoin mining, file integrity checks, and HMAC authentication. SHA-512 provides a larger output (512 bits vs 256 bits) and is sometimes preferred for password hashing as a component of algorithms like bcrypt or Argon2. SHA-1 is considered cryptographically weak for security purposes but is still used in Git commit IDs and some checksums.
Use this tool to verify file integrity, generate test data, understand how hashing works, or compare hash outputs across algorithms.
Frequently Asked Questions
What is the difference between SHA-1, SHA-256, and SHA-512? ▾
All three are SHA (Secure Hash Algorithm) variants. SHA-1 produces a 160-bit (40 hex char) digest — considered weak for security; avoid for new systems. SHA-256 produces a 256-bit (64 hex char) digest — the current standard, used in TLS and Bitcoin. SHA-512 produces a 512-bit (128 hex char) digest — larger and slower, sometimes used in password hashing pipelines.
Can I reverse a hash back to the original text? ▾
No. Cryptographic hash functions are one-way — there is no algorithm to reverse them. The only way to find the input for a known hash is to try every possible input (brute force or rainbow tables), which is computationally infeasible for strong passwords.
Is this tool safe for hashing passwords? ▾
No. Plain SHA-256 is too fast for password hashing — modern hardware can compute billions of SHA-256 hashes per second, making brute-force attacks feasible. For passwords, use purpose-built algorithms like bcrypt, Argon2, or scrypt, which are intentionally slow and include salting.
Why does the same text always produce the same hash? ▾
Hash functions are deterministic — the same input always maps to the same output. This is what makes them useful for data integrity checks: if a file's hash changes, the file was modified. It also means hashing the same password twice gives the same hash, which is why salting (adding random data before hashing) is essential.
What is HMAC and how is it different from a plain hash? ▾
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key: HMAC(key, message). A plain hash only verifies data integrity (was it modified?). HMAC also verifies authenticity (was it sent by someone with the key?). HMAC-SHA256 is used in JWT signing, API request signing, and webhook verification.