Hash Generator
Hash text or a file with SHA-256, SHA-384, SHA-512 and SHA-1, all four side by side. Useful for checking a download against a published checksum, generating fixtures for tests, or seeing whether two files really are identical. Everything happens in your browser. The text you type and the files you drop are never uploaded.
Explain like I'm 5 (what even is this calculator?)
A hash is a short fingerprint of a file or piece of text. Same input, same fingerprint, every time. Change a single byte and the fingerprint changes completely. So if a website says "the SHA-256 of our installer is e3b0c4...", you can run the file through this page, compare the two strings, and know whether the file you downloaded is the one they published, or whether something tampered with it on the way to you.
Hash something
Browser-only. Files and text are hashed locally using the Web Crypto API. Nothing is uploaded. You can disconnect your network and the page still works.
SHA-256 default
SHA-384
SHA-512
SHA-1 legacy
MD5: not supported by Web Crypto. SHA-256 is what you want anyway. If you genuinely need MD5 for a legacy mirror, run md5sum on the command line.
Prove it
The two canonical SHA-256 test vectors that every implementation has to get right, plus the same two inputs under SHA-1. If the values displayed for the matching inputs do not match these strings exactly, the implementation on this page is broken and you should not trust it.
- Empty string SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- "abc" SHA-256: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
- Empty string SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- "abc" SHA-1: a9993e364706816aba3e25717850c26c9cd0d89d
Source: NIST FIPS 180-4 test vectors. These are reproduced verbatim because users should be able to copy-paste them and verify the page is honest, without leaving the site.
What a hash actually is
A cryptographic hash function takes any input, of any length, and returns a fixed-size value. SHA-256 always returns 256 bits (32 bytes, 64 hex characters), regardless of whether you fed it a single space or a 90 GB Linux ISO. The output looks random but is fully deterministic: the same input always produces the same hash, on any machine, in any language. That is the entire trick. The hash is a fingerprint that is much easier to compare than the original data, and that nobody can forge a different input to match without doing more work than the universe has time for.
The two practical properties that matter day to day are preimage resistance (given a hash, you cannot work backwards to a matching input) and collision resistance (you cannot find two different inputs that produce the same hash). When a hash function is described as "broken", what is usually broken is collision resistance. That is what happened to MD5 in the early 2000s and SHA-1 in 2017.
Why SHA-256 is the sensible default
SHA-256 is part of the SHA-2 family, designed by the NSA and standardised by NIST in 2001. More than two decades on, there are no known practical attacks against it. It is fast, and it is the default in TLS certificates, Bitcoin, Git's newer object format, Subresource Integrity attributes, and most package manager checksums. If a system asks for "the hash" without specifying which one, SHA-256 is the right answer. SHA-512 gives you longer output for the same security floor, useful when you want a bit more headroom or are working with 64-bit-friendly hardware, but for ordinary file-integrity work SHA-256 is plenty.
Why MD5 and SHA-1 are weak
MD5 has been considered cryptographically broken since 2004, when researchers demonstrated practical collisions. By 2008, those collisions were used to forge a rogue Certificate Authority. MD5 should not appear in any new design that depends on collision resistance. It survives in two places: as a non-cryptographic checksum for accidental corruption (where speed matters more than security), and on legacy mirrors that have not yet caught up.
SHA-1 fell to the SHAttered attack in 2017, with two real PDF files producing the same hash. The cost of the attack has dropped dramatically since then. Git still uses SHA-1 for object IDs but is migrating to SHA-256, and most security-sensitive uses (TLS, signatures, code signing) phased it out years ago. SHA-1 is included on this page because legacy compatibility is a real need (Git, old CRL files, vendor mirrors), but if you have a choice, choose SHA-256.
When to use a hash, and when not
Hashes are the right tool for checking that a file you downloaded is the one the publisher intended. Pair the hash with a signed, trusted source for the hash itself, otherwise an attacker who can replace the file can also replace the published hash. They are also good for content-addressed storage (Git, IPFS), build manifests, and Subresource Integrity tags on third-party scripts.
Hashes are the wrong tool for password storage. SHA-256 is fast on purpose: a modern GPU can compute billions of SHA-256 hashes per second, which makes brute-forcing a stolen password database trivial. Passwords need a slow, salted, memory-hard hash designed for the job: bcrypt, scrypt, or argon2id, computed on the server. If you find yourself reaching for SHA-256 to "secure" passwords in a database, stop and pick the right primitive instead.
Verifying a download in three steps
- Get the published hash from the publisher's own site. Not from the mirror that hosts the binary. The whole point of the check is to detect a tampered mirror, so the hash needs to come from a trusted channel.
- Drop the downloaded file into the file panel above. The browser hashes it locally and shows the value.
- Paste the published hash into the Compare with expected hash field. Green means it matches, red means do not run the file.
If the hash matches but you still see weird behaviour, the issue is somewhere else (maybe the publisher themselves got compromised, maybe your machine is infected). If the hash does not match, do not unzip, do not run, do not install. Re-download from a different mirror, or contact the publisher.
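The known-answer check from "Prove it" and the three verification steps can be scripted together. The following is an added example, not this page's own code; the function names are hypothetical, and it assumes a runtime with the Web Crypto API (a browser, or Node.js).

```javascript
// Added example. In a browser, fileBytes comes from `await file.arrayBuffer()`.
const KNOWN_ANSWERS = [ // the four vectors quoted on this page
  ["SHA-256", "", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
  ["SHA-256", "abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"],
  ["SHA-1", "", "da39a3ee5e6b4b0d3255bfef95601890afd80709"],
  ["SHA-1", "abc", "a9993e364706816aba3e25717850c26c9cd0d89d"],
];
const HEX_LENGTH = { "SHA-1": 40, "SHA-256": 64, "SHA-384": 96, "SHA-512": 128 };

async function getSubtle() {
  // Browsers and current Node expose globalThis.crypto; older Node needs node:crypto.
  const c = globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  return c.subtle;
}

async function digestHex(algorithm, bytes) {
  const buf = await (await getSubtle()).digest(algorithm, bytes);
  return Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Known-answer self-test: false means the hashing code itself cannot be trusted.
async function selfTest() {
  const enc = new TextEncoder();
  for (const [algorithm, text, expected] of KNOWN_ANSWERS) {
    if ((await digestHex(algorithm, enc.encode(text))) !== expected) return false;
  }
  return true;
}

// Accept "<hex>  filename" lines, upper case and stray whitespace; reject anything
// that is not a full-length digest, so a truncated "e3b0c4..." can never "match".
function normaliseExpected(published, algorithm) {
  const token = published.trim().split(/\s+/)[0].toLowerCase();
  if (!new RegExp(`^[0-9a-f]{${HEX_LENGTH[algorithm]}}$`).test(token)) {
    throw new Error(`not a complete ${algorithm} hex digest: ${token}`);
  }
  return token;
}

async function verifyDownload(fileBytes, published, algorithm = "SHA-256") {
  if (!(await selfTest())) throw new Error("hash self-test failed");
  const expected = normaliseExpected(published, algorithm);
  const actual = await digestHex(algorithm, fileBytes);
  return { match: actual === expected, actual, expected };
}
```

Only `match === true` should be treated as a pass; a thrown error means the published value was malformed or the hashing code failed its own vectors.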
Frequently asked questions
Does the file or text get uploaded anywhere?
No. Hashing runs entirely in your browser using the Web Crypto API. You can disconnect from the network, type or drop a file in, and the hashes still appear. Nothing is sent to a server.
Why is MD5 not included?
MD5 is not supported by the browser's Web Crypto API, and pulling in a third-party MD5 library to add it would bloat the page for an algorithm nobody should be using on new work. MD5 is broken for collision resistance. If you need to verify a vendor that still publishes MD5 sums, run md5sum locally on the command line. For everything else, SHA-256 is the right default.
Should I use this to hash passwords?
No. SHA-256 of a password is fast enough that an attacker with a stolen database can try billions of guesses a second on a GPU. Password storage needs a slow, salted hash designed for the job, like bcrypt, scrypt or argon2id, run on the server. This tool is for file integrity, build artefacts, mirror checks and the like.
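What the slow, salted alternative looks like on the server, for this answer and for the earlier "When to use a hash, and when not" section. This is an added example for Node.js, not code from this page; the function names, the stored-record format and the scrypt cost parameters are assumptions chosen for illustration.

```javascript
// Added example (Node.js, server side). Cost parameters are illustrative assumptions;
// tune them to your hardware. 128 * N * r = 32 MiB of memory per hash here.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

async function hashPassword(password) {
  const { randomBytes, scryptSync } = await import("node:crypto");
  const salt = randomBytes(16); // fresh random salt per password
  const key = scryptSync(password.normalize("NFKC"), salt, 32, SCRYPT);
  // Store the parameters beside the hash so they can be raised later.
  return ["scrypt", SCRYPT.N, SCRYPT.r, SCRYPT.p,
    salt.toString("base64"), key.toString("base64")].join("$");
}

async function verifyPassword(password, stored) {
  const { scryptSync, timingSafeEqual } = await import("node:crypto");
  const [scheme, N, r, p, saltB64, keyB64] = stored.split("$");
  if (scheme !== "scrypt" || !keyB64) return false; // unknown or malformed record
  const expected = Buffer.from(keyB64, "base64");
  const actual = scryptSync(
    password.normalize("NFKC"),
    Buffer.from(saltB64, "base64"),
    expected.length,
    { N: Number(N), r: Number(r), p: Number(p), maxmem: SCRYPT.maxmem },
  );
  // Constant-time comparison of the derived key with the stored one.
  return timingSafeEqual(actual, expected);
}
```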
Why are SHA-256 and SHA-512 fine but SHA-1 weak?
Both SHA-256 and SHA-512 are part of the SHA-2 family and have no known practical collision attacks. SHA-1, by contrast, fell to the SHAttered collision attack in 2017, and stronger attacks have followed. SHA-1 still appears in legacy systems and Git internals, so it is included here for compatibility, but do not use it to confirm anything is genuine on a new system.
What does base64 give me that hex does not?
Hex is the conventional way to print a hash and what most tooling expects. Base64 is shorter, about a third smaller, and is the format used in Subresource Integrity attributes, some HTTP headers, and a few build manifests. If the system you are checking against publishes its hash in base64, switch the toggle to base64 here and compare directly.
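Converting between the two encodings lets you compare a Subresource Integrity value against the hex output of a command-line tool. This is an added example, not this page's own code; the function names are hypothetical, and the helpers cover only the three algorithms SRI uses (SHA-256, SHA-384, SHA-512).

```javascript
// Added example: move a digest between hex, base64 and SRI form.
const SRI_BYTES = { sha256: 32, sha384: 48, sha512: 64 }; // digest sizes in bytes

function hexToBase64(hex) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(hex)) throw new Error("not a hex digest");
  const bytes = hex.match(/../g).map((pair) => parseInt(pair, 16));
  return btoa(String.fromCharCode(...bytes)); // digests are short, spread is safe
}

function base64ToHex(b64) {
  return Array.from(atob(b64), (ch) => ch.charCodeAt(0).toString(16).padStart(2, "0")).join("");
}

// Build "<alg>-<base64>" from a hex digest, picking the algorithm by length.
function sriFromHex(hex) {
  const alg = Object.keys(SRI_BYTES).find((name) => SRI_BYTES[name] * 2 === hex.length);
  if (!alg) throw new Error("expected a SHA-256, SHA-384 or SHA-512 hex digest");
  return `${alg}-${hexToBase64(hex)}`;
}

// Parse one SRI hash expression back to hex and check the digest length fits.
function sriToHex(integrity) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(integrity.trim());
  if (!m) throw new Error("not a single SRI hash expression");
  const hex = base64ToHex(m[2]);
  if (hex.length !== SRI_BYTES[m[1]] * 2) throw new Error(`digest length does not fit ${m[1]}`);
  return { algorithm: m[1], hex };
}
```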
How big a file can it actually handle?
Up to about 100 MB hashes comfortably on most machines. Bigger files work too, but the whole file has to fit in browser memory because the Web Crypto digest takes one buffer. For multi-gigabyte ISOs, the command line is faster: shasum -a 256 file.iso on macOS or Linux, Get-FileHash file.iso in PowerShell on Windows.