Hash Generator

Generate SHA-256, SHA-512, SHA-384, and SHA-1 hashes instantly. Hash text or files, create HMACs with a secret key, and compare hash values -- all client-side using the Web Crypto API. Your data never leaves your browser.

How It Works

Instant Hashing

Type or paste text and see SHA-256, SHA-512, SHA-384, and SHA-1 hashes generated in real time. Uses the browser's native Web Crypto API for maximum performance and security.

File Hashing

Drag and drop any file to compute its hash values. Verify file integrity, check downloads, or compare checksums -- all without uploading anything to a server.

HMAC Support

Enable HMAC mode and provide a secret key to generate keyed-hash message authentication codes. Useful for API signatures, webhook verification, and data integrity checks.

Hash Comparison

Paste two hash values to instantly check if they match. Case-insensitive comparison makes it easy to verify checksums from different sources.

Understanding Cryptographic Hash Functions

A cryptographic hash function takes an input (or "message") and returns a fixed-size string of bytes. The output, called the hash value or digest, appears random but is deterministic -- the same input always produces the same output. Hash functions are fundamental to modern security, used for data integrity verification, password storage, digital signatures, and more.

Supported Algorithms

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key. Unlike a plain hash, an HMAC proves both data integrity and authenticity -- only someone with the secret key can generate a valid HMAC for a given message. HMACs are widely used in API authentication (e.g., AWS Signature Version 4), webhook verification (e.g., GitHub, Stripe), and session token generation.

Common Use Cases

Frequently Asked Questions

What is a hash function and how does it work?
A hash function is a mathematical algorithm that takes an input of any size and produces a fixed-size output (the "hash" or "digest"). Cryptographic hash functions have several important properties: they are deterministic (same input always gives same output), fast to compute, infeasible to reverse (you cannot recover the input from the hash), and collision-resistant (it is extremely difficult to find two different inputs that produce the same hash). This tool uses the Web Crypto API (SubtleCrypto) built into your browser, which provides hardware-accelerated, standards-compliant implementations of SHA-1, SHA-256, SHA-384, and SHA-512.
Is SHA-1 still safe to use?
SHA-1 is considered cryptographically broken for collision resistance. In 2017, Google and CWI Amsterdam demonstrated a practical collision attack (SHAttered). Major browsers and certificate authorities have deprecated SHA-1 for TLS certificates. However, SHA-1 is still used in non-security contexts where collision resistance is not critical, such as Git commit identifiers and some legacy checksum systems. For any security-sensitive application, use SHA-256 or SHA-512 instead.
What is the difference between SHA-256 and SHA-512?
Both SHA-256 and SHA-512 belong to the SHA-2 family and offer strong cryptographic security. The key differences are output size (256 bits vs. 512 bits) and internal block size (512 bits vs. 1024 bits). SHA-512 can actually be faster than SHA-256 on 64-bit processors because it uses 64-bit arithmetic operations. SHA-256 is more commonly used and is the standard for most applications, including TLS certificates and Bitcoin. SHA-512 is preferred when a longer digest is needed or on 64-bit systems where it has a performance advantage.
What is HMAC and when should I use it?
HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code that combines a cryptographic hash function with a secret key. While a plain hash only verifies data integrity (the data has not changed), an HMAC also verifies authenticity (the data was created or approved by someone who knows the secret key). Use HMAC when you need to verify both integrity and authenticity -- common examples include API request signing (AWS Signature V4, Stripe webhooks), session token generation, and inter-service authentication in microservices architectures.
Is my data safe using this tool?
Yes. All hashing is performed entirely in your browser using the Web Crypto API (SubtleCrypto). No data -- not your text input, your files, or your HMAC secret keys -- is ever sent to any server. The tool works completely offline once the page is loaded. You can verify this by opening your browser's developer tools and checking the Network tab while using the tool.
Can I hash large files with this tool?
Yes. The tool reads the entire file into memory using the browser's File API and then hashes it using the Web Crypto API. For most files (up to several hundred megabytes), this works well. Very large files (multiple gigabytes) may be slow or cause the browser tab to run out of memory, depending on your device's available RAM. For such files, consider using command-line tools like sha256sum on Linux/macOS or Get-FileHash in PowerShell.
How do I verify a file checksum?
To verify a file checksum: (1) Drop the file onto the hash tool to generate its hash values. (2) Copy the relevant hash (usually SHA-256) from the results. (3) Paste it into the "Compare Hashes" section along with the expected checksum provided by the file's publisher. (4) The tool will tell you instantly if they match. The comparison is case-insensitive, so you do not need to worry about uppercase vs. lowercase hex characters.
