SHA Hash Generator

Compute SHA-1, SHA-256, SHA-384, and SHA-512 message digests of any text. Uses the Web Crypto API — no upload, no library, no third party.

FIPS 180-4Web Crypto
Awaiting input

What is a hash function?

A cryptographic hash function takes an arbitrary-length input and produces a fixed-length output called a digest. Three properties matter: it is deterministic (the same input always produces the same digest), one-way (the input cannot be recovered from the digest), and collision-resistant (it should be infeasible to find two inputs with the same digest).

AlgorithmOutput (bits)Hex charsStatus
SHA-116040Broken for collisions; do not use for new work.
SHA-25625664Current default — TLS, Git, Bitcoin, JWT HS256/RS256.
SHA-38438496SHA-512 truncated; common in higher-security suites.
SHA-51251212864-bit variant; faster on 64-bit CPUs.
!

Plain hashing is not password storage. If you're hashing passwords, you need a slow, memory-hard function with a salt: bcrypt, scrypt, or Argon2 (preferred). A bare SHA-256 of a password can be cracked at billions of guesses per second on consumer GPUs.

Use cases

FAQ

Why no MD5?

MD5 is cryptographically broken and the Web Crypto API doesn't expose it for that reason. For non-security checksums (e.g. ETag generation) you'd use a different primitive; for cryptographic uses, pick SHA-256 or later.

Does adding more text always change the hash?

Yes. Even a single-bit change produces a completely different digest — the "avalanche effect" is a designed property of cryptographic hashes.

Why are digests shown in hex?

Convention. Hex is unambiguous, easy to copy, and case-insensitive. Some systems use Base64 instead to save characters.

Related tools

HMAC Generator // keyed hashing JWT Decoder // HS256 in practice Password Generator // pair with hashes Base64 Encoder // alternate encoding

Related references

Hash Functions // security Symmetric vs Asymmetric // security PKI // security

External authority sources