Hash Generator
Generate multiple hash digests simultaneously. Supports MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
HMAC mode: Want HMAC-SHA256? Enter your message above, then add a secret key:
Hash Verifier
Check if a piece of text matches a known hash. Useful for verifying file checksums, passwords, and data integrity.
File Hash
Calculate the hash of any file. Works entirely in-browser β files never leave your device.
π Drop a file here or click to select
Supports any file type. Large files processed in chunks.
Hash Comparator
Compare two hash values for equality. Handles case differences and whitespace automatically.
Two-Text Comparison
Hash two different texts and compare them.
Hash Algorithm Guide
When to use each algorithm and what the hashes are for.
MD5 β 128-bit
- Legacy checksums only
- NOT cryptographically secure
- Collisions known since 2004
- Still used: file deduplification
- Output: 32 hex chars
SHA-1 β 160-bit
- Deprecated for security use
- Git uses SHA-1 for commit IDs
- Collisions demonstrated (2017)
- Avoid for new systems
- Output: 40 hex chars
SHA-256 β 256-bit β
- Industry standard (2024+)
- Bitcoin proof-of-work algorithm
- TLS certificates, JWT signing
- NIST approved β safe to use
- Output: 64 hex chars
SHA-384 β 384-bit
- Part of SHA-2 family
- Truncated SHA-512 variant
- Used in TLS 1.2/1.3
- Good for high-security needs
- Output: 96 hex chars
SHA-512 β 512-bit β
- Highest security SHA-2 variant
- Faster on 64-bit systems than SHA-256
- File integrity, digital signatures
- NIST approved
- Output: 128 hex chars
HMAC β Keyed Hash
- Hash + secret key = authentication
- Used in JWT tokens, OAuth, webhooks
- Prevents hash forgery
- Combine with any hash algorithm
- Never expose the secret key
π Passwords: Never store passwords as plain hashes (even SHA-256)! Use bcrypt, Argon2, or scrypt β they're designed for passwords and include salting + slow hashing to resist brute-force attacks.
π¦ File integrity: SHA-256 checksums are the standard. Compare the hash of a downloaded file against the publisher's stated hash to verify it hasn't been tampered with.
π HMAC vs Hash: A plain hash proves content, but anyone can recalculate it. HMAC proves content + knowledge of a shared secret β critical for API authentication.
π¦ File integrity: SHA-256 checksums are the standard. Compare the hash of a downloaded file against the publisher's stated hash to verify it hasn't been tampered with.
π HMAC vs Hash: A plain hash proves content, but anyone can recalculate it. HMAC proves content + knowledge of a shared secret β critical for API authentication.