Hash Generator

Generate SHA-256, SHA-1, SHA-384 and SHA-512 hashes from text — locally in your browser.

ToolFlux's Hash Generator turns any text into SHA-1, SHA-256, SHA-384 and SHA-512 digests at once, updating as you type — it all runs in your browser via the Web Crypto API, so your text never uploads.

Your text never leaves your device — hashing runs in your browser.

Generate SHA hashes from text, instantly and privately

This free hash generator turns any text into a cryptographic digest using the four algorithms built into your browser: SHA-1, SHA-256, SHA-384 and SHA-512. Paste a message, a configuration snippet, an API token or a published checksum, and every digest is calculated the moment you type. The work happens entirely on your own device through the Web Crypto API, so even confidential text never leaves your computer. There is nothing to install and no account to create.

How to generate a hash

  1. Enter your text Type or paste the text you want to hash into the input box.
  2. Read the digests The SHA-1, SHA-256, SHA-384 and SHA-512 hashes update instantly as you type.
  3. Pick the right algorithm Choose the digest your task needs — SHA-256 is the safe default for most uses.
  4. Copy it Press the Copy button next to a hash to copy it to your clipboard, then paste it wherever you need it.

What is a hash, and what is it for?

A cryptographic hash is a one-way fingerprint of your data. Feed in any text and you get back a fixed-length string of hexadecimal characters; the same input always produces the same digest, but there is no practical way to run the process backwards and recover the original. Change a single character of the input and the digest changes completely, which is precisely what makes hashes so useful.

That one-way fingerprint has a handful of everyday jobs:

  • Verifying integrity. Software projects publish a checksum — often a SHA-256 digest — alongside their downloads. Hashing the file or its published value and comparing the result tells you the content arrived intact and unaltered.
  • Detecting changes. Because the digest depends on every byte of the input, comparing two hashes is a fast way to confirm whether two pieces of text are identical without reading them line by line.
  • Deduplication and indexing. Systems often key content by its hash so identical items are stored or referenced only once.

A word of caution: hashing on its own is not the right way to store passwords. A safe password store uses a deliberately slow key-derivation function (such as bcrypt, scrypt or Argon2) together with a unique random salt, so that a stolen database cannot be cracked with a simple lookup table.

Which algorithm should you choose?

SHA-256 is the modern default — it is fast, ubiquitous and considered secure, and it is the right choice unless something tells you otherwise. SHA-384 and SHA-512 produce longer digests and suit specifications that require them. SHA-1 and MD5 are weak for security: practical collision attacks exist, so they should never guard anything that matters. SHA-1 is included here purely for compatibility with legacy checksums you may still encounter, and MD5 is omitted entirely because the Web Crypto API does not provide it and a broken hash is not worth re-implementing.

Frequently asked questions

Is my text uploaded when I generate a hash?
No. Hashing runs entirely in your browser using the built-in Web Crypto API. Your text is never sent to a server, so even sensitive input stays on your device.
Which hash should I use?
SHA-256 is the sensible default for almost everything — it is fast, widely supported and considered secure. Use SHA-384 or SHA-512 when a specification or system asks for them. SHA-1 is provided only for compatibility with older checksums and should not be relied on for security.
Can I reverse a hash back into the original text?
No. A cryptographic hash is a one-way function: the same input always produces the same digest, but there is no way to work backwards from the digest to the input. That one-way property is exactly what makes hashes useful for verification.
Why is there no MD5 option?
The Web Crypto API deliberately does not provide MD5, and we do not add a hand-rolled version. MD5 is cryptographically broken — collisions are trivial to produce — so offering it would only invite insecure use. SHA-256 is the modern replacement.
Can I verify a download’s checksum with this?
Yes, for text-based checks. Paste the text or the published value, generate the matching hash, and compare it character by character with the checksum the publisher lists. If the two strings are identical, the content is intact and unaltered.
Does the hash generator work offline?
Yes. Once the page has loaded, no connection is needed — the Web Crypto API runs locally, so you can keep generating hashes with no network access and nothing ever leaves your device.