DevBolt
Processed in your browser. Your data never leaves your device.

How do I generate a SHA-256 or MD5 hash online?

Enter your text and instantly see its hash in SHA-1, SHA-256, SHA-384, SHA-512, and MD5. You can copy any hash with one click. All hashing is performed client-side using the Web Crypto API — your input never leaves your browser.

Generate SHA-256 hash
Input
hello world
Output
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
← Back to tools

Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes using the Web Crypto API.

Tips & Best Practices

Security Note

MD5 and SHA-1 are broken for security — use SHA-256 minimum

MD5 collisions can be generated in seconds on a laptop. SHA-1 was broken by Google in 2017 (SHAttered attack). For password hashing, neither SHA family is appropriate — use bcrypt, scrypt, or Argon2 which include salting and key stretching. SHA-256/512 are fine for file integrity checks and checksums.

Common Pitfall

Same input always produces the same hash

Hashing is deterministic. If you hash passwords with SHA-256 alone (no salt), identical passwords produce identical hashes. An attacker with rainbow tables can reverse millions of unsalted hashes instantly. Always salt before hashing for authentication use cases.

Pro Tip

SHA-256 is the standard for file verification

When downloading software, compare the SHA-256 checksum on the publisher's site against the hash of your downloaded file. This detects corrupted downloads and man-in-the-middle tampering. Most Linux distros, Docker images, and security tools publish SHA-256 checksums.

Real-World Example

Subresource Integrity uses SHA-384 by default

When loading scripts from CDNs, add an integrity attribute with the SHA-384 hash: <script src="cdn/lib.js" integrity="sha384-abc..." crossorigin="anonymous">. The browser refuses to execute the script if the hash doesn't match, preventing supply chain attacks.

Frequently Asked Questions

What is the difference between SHA-256, SHA-384, and SHA-512?
SHA-256, SHA-384, and SHA-512 are all part of the SHA-2 family and differ in output size and internal state. SHA-256 produces a 256-bit (64-character hex) hash, SHA-384 produces 384-bit (96-character), and SHA-512 produces 512-bit (128-character). SHA-256 is the most widely used for digital signatures, TLS certificates, Bitcoin mining, and file integrity checks. SHA-512 is faster on 64-bit processors and preferred for password hashing. SHA-384 is a truncated version of SHA-512, used in TLS 1.2+ cipher suites. All three are considered cryptographically secure as of 2026.
Is SHA-1 still safe to use?
SHA-1 is no longer considered cryptographically secure. Google demonstrated a practical collision attack (SHAttered) in 2017, producing two different files with the same SHA-1 hash. Major browsers, CAs, and Git have moved away from SHA-1 for security purposes. However, SHA-1 is still acceptable for non-security uses like cache keys, checksums for accidental corruption detection, and content-addressable storage where collision resistance is not critical. For anything security-related — digital signatures, certificate validation, password hashing — use SHA-256 or SHA-512 instead.
How do I verify a file's integrity using a hash?
Generate a hash of your file and compare it to the hash provided by the source. If both hashes match exactly, the file has not been modified or corrupted. The process is: download the file and the published hash (usually SHA-256), generate a hash of your downloaded file using the same algorithm, and compare the two strings character by character. Even a single bit change in the file produces a completely different hash. DevBolt's Hash Generator and File Hash Calculator both support this workflow with a verify mode for quick comparison.

Related Generate Tools

TBL

HTML Table Generator

Build HTML tables visually with an interactive editor — add rows, columns, header rows, captions, and styling. Export as plain HTML, inline CSS, or Tailwind classes

CSS Clip-path Generator

Create CSS clip-path shapes visually — circle, ellipse, inset, or polygon with draggable points. 13 shape presets, interactive preview, and production-ready CSS output

FX

CSS Filter Generator

Build CSS filter effects visually — blur, brightness, contrast, grayscale, hue-rotate, invert, opacity, saturate, sepia, and drop-shadow with 12 presets and live preview

ID

UUID Generator

Generate random UUID v4 identifiers in bulk