# Hash Generator

> Compute MD5, SHA-1, SHA-256, SHA-512 hashes from text or file input

**Category:** Dev
**Keywords:** hash, md5, sha, sha256, sha512, sha1, checksum, crypto, digest, file hash, text hash
**URL:** https://complete.tools/hash-generator

## What is a hash

A cryptographic hash function takes any input (text, a file, a password) and produces a fixed-length string of characters called a hash or digest. Hash functions have three key properties:

- **Deterministic**: The same input always produces the same hash
- **One-way**: You cannot reverse a hash to recover the original input
- **Avalanche effect**: A tiny change to the input completely changes the hash

For example, the SHA-256 hash of "hello" is:
```
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
```

Change one character to "Hello" and the hash becomes entirely different. This sensitivity to input changes is what makes hash functions useful for verification.

## When to use each algorithm

**MD5 (128-bit, 32 hex chars)**
Originally a security algorithm, MD5 is now considered cryptographically broken. Use it only for checksums and data integrity verification where security is not a concern. Never use MD5 to hash passwords.

**SHA-1 (160-bit, 40 hex chars)**
SHA-1 is deprecated for security use. It's still found in older Git commits and legacy systems, but should not be used for new security-sensitive applications.

**SHA-256 (256-bit, 64 hex chars)**
The current gold standard for most applications. Used in TLS/SSL certificates, Bitcoin, code signing, file integrity checking, and password hashing (as part of PBKDF2 or bcrypt). SHA-256 is part of the SHA-2 family.

**SHA-512 (512-bit, 128 hex chars)**
A larger variant of SHA-2, providing more security margin. Useful for applications that need extra resistance to future attacks, or on 64-bit systems where SHA-512 can be faster than SHA-256.

## Common use cases

- **File integrity verification**: Hash a downloaded file and compare against the publisher's listed hash to confirm the file isn't corrupted or tampered with
- **Password storage**: Developers store password hashes (not plaintext) in databases. SHA-256 combined with a salt is the minimum; bcrypt/argon2 are better
- **Data deduplication**: Compare hashes instead of file contents to find duplicate files quickly
- **Digital signatures**: Hash a document before signing it cryptographically
- **API security**: HMAC (Hash-based Message Authentication Code) uses SHA to verify API request authenticity
- **Blockchain**: Bitcoin uses double SHA-256 to secure transaction blocks
- **Git**: Every commit, tree, and blob in Git is identified by its SHA-1 hash (now migrating to SHA-256)

## How to use

1. Select "Text Input" to hash a string, or "File Input" to hash a file
2. Enter your text or drop/select a file
3. Click "Generate Hashes"
4. All four hash algorithms compute simultaneously
5. Click "Copy" next to any hash to copy it to your clipboard

For file verification: compare the SHA-256 hash shown here against the hash published by the software vendor. If they match, the file is authentic and unmodified.

## FAQs

**Q:** Is my data safe? Does this tool send my text or files anywhere?


**A:** Everything runs locally in your browser using the Web Crypto API and pure JavaScript. No data is ever transmitted to any server.


**Q:** Why is MD5 still shown if it's insecure?


**A:** MD5 is still widely used for non-security purposes like checksums and legacy system compatibility. Many software downloads still list MD5 checksums. This tool shows it because it's useful, while the content explains its limitations.


**Q:** Can I hash a large file?


**A:** Yes. The tool reads the file into memory and hashes it in your browser. Performance depends on your device. Files up to a few hundred MB work fine on modern hardware.


**Q:** Why does the same text produce a different hash with each algorithm?


**A:** Each algorithm (MD5, SHA-1, SHA-256, SHA-512) is a completely different mathematical function. They produce outputs of different lengths and different values by design.


**Q:** What is a salt and why is it important for password hashing?


**A:** A salt is a random string added to a password before hashing. It prevents attackers from using precomputed "rainbow tables" of common password hashes. This tool does not add salts, so don't use raw SHA-256 for storing passwords. Use a proper password hashing library like bcrypt or Argon2.

---

*Generated from [complete.tools/hash-generator](https://complete.tools/hash-generator)*