kbwenLab

Hash Generator

MD5 · SHA-1 · SHA-256 · SHA-512 fingerprints — computed in your browser, never sent anywhere.

Input

Paste or type any text — hashes update as you type

Digests

Legacy checksums MD5 / SHA-1 — old-system compatibility only

About hash functions

A cryptographic hash function takes any input — a single character or a megabyte of text — and produces a fixed-length hex string called a digest. The function is deterministic (same input always gives the same output) and one-way (you cannot reverse a hash back to the original text). The avalanche effect means even a one-character change in the input produces a completely different digest.

Which algorithm? Use SHA-256 for any modern security application — it is the standard for integrity verification, digital signatures, and TLS certificates. MD5 and SHA-1 are cryptographically broken: researchers have demonstrated practical collision attacks (two different inputs that produce the same hash). Use MD5 and SHA-1 only for non-security checksums and legacy compatibility, never for passwords, signatures, or certificates.

What hashes cannot do: A hash is not encryption — there is no key and no decryption path. Hash cracking works by trying known inputs (rainbow tables, dictionary attacks) not by reversing the math. This tool uses the browser's built-in Web Crypto API (SubtleCrypto) for SHA-1, SHA-256, and SHA-512; MD5 runs via an inline pure-JS implementation because the Web Crypto API does not include it. Nothing leaves your device.

Quick guide

Use cases, answers, and nearby tools

Compact below-tool notes that help first-run users and repeated visitors move faster without changing the main interface.

Chinese search: 雜湊產生器、MD5 線上、SHA-256 計算、SHA-512 線上、checksum 工具、檔案校驗碼、雜湊比對

How to use

Run a clean first pass

  1. Paste or type any text into the input area — passwords, API tokens, config snippets, or long-form content all work.
  2. MD5, SHA-1, SHA-256, and SHA-512 digests are computed in parallel via the browser's built-in Web Crypto API. Nothing leaves your device.
  3. Click any row to copy that single digest, or use Copy All to grab every algorithm at once with labels.
  4. Default to SHA-256 (marked Modern) for current use; MD5 and SHA-1 are marked Legacy and should only verify legacy checksums or test compatibility.
  5. An empty input still produces valid digests — useful for sanity-checking that your local hashing library matches the canonical empty-string values shown here.

Examples

Real jobs this page helps with

  • Quick checksum verificationPaste a SHA-256 from a release page or documentation, then paste the file content or token string into the input — eyeball-compare the chunked digests to confirm a match without leaving the browser.
  • Algorithm side-by-side comparisonSecurity class or onboarding: enter one string and immediately see MD5 (32 chars), SHA-1 (40), SHA-256 (64), SHA-512 (128) so the length difference and why MD5 is no longer safe are concrete instead of abstract.
  • Bug-report fingerprint + dedupHash an error message or stack trace, take the first 8 chars of SHA-256 as a short identifier for issue titles or log dedup — same error always yields the same fingerprint without leaking the raw string.

FAQ

What people usually want to know

Is my text sent to a server when I hash it?

No. All hashing runs entirely in your browser via the built-in Web Crypto API (SubtleCrypto) on your device. Open the network panel — you will see zero upload requests.

What is the difference between MD5 and SHA-256? Which should I pick?

MD5 produces a 32-char (128-bit) digest. Fast but cryptographically broken — researchers can construct two distinct inputs that share the same MD5. SHA-256 produces a 64-char (256-bit) digest and is the current standard for digital signatures, TLS, and file integrity. Unless you are dealing with a legacy system, always pick SHA-256 — that is exactly why MD5 and SHA-1 are labeled Legacy here.

Why does an empty string still produce a hash?

Hash functions are deterministic and total: every input (including the empty string) produces a fixed-length output. SHA-256 of the empty string is always e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — a useful constant for sanity-checking any hashing implementation.

Can I reverse a hash back to the original text?

No. Hash functions are one-way by design — given the output you cannot mathematically recover the input. This is the core security property that makes hashes useful for password storage, integrity checks, and digital signatures. Online 'hash crackers' are just precomputed rainbow tables and have no effect on random long strings.

Related tools

Base64 Encoder / Decoder URL Encoder / Decoder UUID Generator