Can a hash be reversed back into the original text?

No. Cryptographic hashes are one-way functions. You cannot recover the input from the hash, because many possible inputs map to a fixed-length output. The only way to find the original is to guess inputs and hash each one — which is why short or common values can still be looked up in precomputed tables.

Does this tool upload my data?

No. Every hash is computed locally in your browser with the built-in Web Crypto API. Your text never leaves your device and nothing is sent to a server, so it is safe for private or sensitive input.

Why is there no MD5 option?

Browsers do not include MD5 in the Web Crypto API, so it cannot be computed reliably client-side without bundling extra code. MD5 is also considered broken for security use. The SHA-2 family offered here (SHA-256, SHA-384, SHA-512) is the modern, recommended choice.

Which hash should I use?

For new work choose SHA-256 — it is fast, widely supported, and the default for checksums, signatures and integrity checks. Use SHA-384 or SHA-512 when you want a larger digest or are matching an existing spec. Avoid SHA-1 for anything security-sensitive; it remains useful only for legacy compatibility.

Developer

Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text — privately in your browser.

Free forever
No sign-up
Runs in your browser

Share X LinkedIn

Text to hash

Hashes

Enter text above to see its SHA-1, SHA-256, SHA-384 and SHA-512 hashes.

What is a hash?

A cryptographic hash turns any input — a word, a paragraph, an entire file — into a fixed-length string of characters called a digest. The same input always produces the same digest, but even a one-character change produces a completely different result. Crucially, the process is one-way: you cannot run it backwards to recover the original text from the hash.

That combination of properties makes hashes the backbone of a lot of everyday computing. They let you check that a download arrived intact, compare two values without storing the originals, build digital signatures, and create compact fingerprints of large data. This tool computes four widely used algorithms at once — SHA-1, SHA-256, SHA-384 and SHA-512 — so you can grab whichever one a system expects.

How to use it

Type or paste your text into the input box.
The four hashes are computed instantly and shown below, each on its own row.
Press Copy next to any hash to put it on your clipboard.
Press Clear to empty the input and start again.

Each digest is shown as a lowercase hexadecimal string, the format almost every tool and command line expects. The hashes update live as you type, so you can watch how a tiny edit changes the entire output.

What the algorithms are for

SHA-256 — the default workhorse. It powers file checksums, TLS certificates, Git commits, blockchains and most integrity checks. If you are unsure which to use, use this one.
SHA-384 and SHA-512 — part of the same SHA-2 family, producing longer digests. They are common in high-security contexts and in specifications that mandate a larger output. SHA-512 can even be faster than SHA-256 on 64-bit hardware.
SHA-1 — older and now considered broken for security purposes because collisions can be engineered. It still appears in legacy systems and some non-security uses, so it is included for compatibility, but do not rely on it to protect anything.

Why hashes are one-way

It is worth being explicit, because this is the single most misunderstood point: a hash cannot be decrypted. There is no key and no reverse function. A hash is not encryption — encryption is designed to be undone with a key, while hashing deliberately throws information away so the original cannot be reconstructed.

The only way to "crack" a hash is to guess inputs, hash each guess, and look for a match. That is exactly why short, common, or low-entropy values (like a plain password) are vulnerable: attackers precompute huge tables of value → hash. The defense is to add a unique random salt before hashing and to use a slow, purpose-built password hash — not a fast general hash like SHA-256 on its own.

When you would use a hash

Verify a download — compare the SHA-256 a project publishes against the hash of the file you received to confirm it was not corrupted or tampered with.
Detect changes — store a digest of some data, then re-hash later; if the digests differ, the data changed.
Deduplicate — use a hash as a compact fingerprint to spot identical files or records without comparing them byte by byte.
Reference content — content-addressed systems and caches use a hash as the key for a blob of data.
Match a specification — generate the exact algorithm and format an API, signature scheme, or vendor requires.

Tips and common mistakes

Same input, same hash — always. If your digest differs from someone else's for "the same" text, check for hidden differences: a trailing newline, different line endings, or extra whitespace all change the result.
Hashing is not encryption. Never use a plain hash to store passwords. Use a salted, slow password-hashing function designed for that job.
Watch the encoding. This tool hashes the UTF-8 bytes of your text. Hashing the same characters in a different encoding produces a different digest.
Pick the modern algorithm. Prefer SHA-256 or higher for anything new; treat SHA-1 as legacy only.

Because every hash is computed locally with your browser's built-in cryptography, this generator is a fast, private helper to keep in a tab whenever you need a checksum, fingerprint, or quick integrity check. For neighbouring jobs, the Base64 Encoder / Decoder handles reversible encoding and the UUID Generator mints unique identifiers.

Frequently asked questions

Comet's got your back

Stuck on something? Every tool has a short guide and FAQ — and Comet can point you to the right spot.

Visit help centre

Related tools

All Developer tools →