What is a hash function?

A hash function converts input data into a fixed-size string of characters.

Which hash algorithm should I use?

SHA-256 is recommended for most security applications. MD5 is outdated for security.

Are hashes reversible?

No, hash functions are one-way. You cannot reverse a hash back to the original input.

Hash Generator

Generate MD5, SHA-1, SHA-256 hashes

Input Text

About Hash Functions

A hash function is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size. Hashes are commonly used for data integrity verification, password storage, and digital signatures.

Hash Algorithms

MD5

Produces a 128-bit hash value. MD5 is considered cryptographically broken and should not be used for security purposes.

SHA-1

Produces a 160-bit hash value. SHA-1 is also considered weak for security purposes but still used for legacy systems.

SHA-256

Part of the SHA-2 family, produces a 256-bit hash value. Currently recommended for most security applications.

SHA-384

Produces a 384-bit hash value. Provides higher security than SHA-256 for applications requiring longer hashes.

SHA-512

Produces a 512-bit hash value. The strongest of the SHA-2 family, suitable for high-security applications.

How It Works

This hash generator leverages the Web Cryptography API's crypto.subtle.digest() method to compute cryptographic hash values. The API implements industry-standard hash algorithms including SHA-1, SHA-256, SHA-384, and SHA-512, which are executed natively by your browser's cryptographic engine for optimal performance and security.

The hashing process converts input text into a byte array using TextEncoder, then processes it through the selected algorithm to produce a fixed-size hash value. The resulting byte array is converted to hexadecimal format for human-readable display, with each byte represented as two hexadecimal characters.

MD5 implementation uses a simple hash function for demonstration purposes only. For actual MD5 hashing, consider using established libraries. The Web Crypto API doesn't support MD5 natively due to its cryptographic weaknesses, so the simple implementation should not be used for security-critical applications.

Practical Use Cases

1. Data Integrity Verification

Software developers use hash functions to verify file integrity during downloads and installations. SHA-256 checksums ensure files haven't been corrupted during transfer or tampered with by malicious actors, providing confidence that downloaded software matches the original publisher's version.

2. Digital Signatures & Certificates

Cryptographic systems use hash functions as the foundation for digital signatures. Hashing large documents produces compact representations that can be efficiently signed, while any modification to the original document invalidates the signature, ensuring authenticity and non-repudiation in legal and financial transactions.

3. Version Control & Deduplication

Content-addressable storage systems use hash functions to identify and deduplicate data. Git uses SHA-1 to track file changes, while backup systems use content hashing to eliminate redundant storage, significantly reducing storage costs and improving efficiency in data management systems.

4. API Authentication & Tokens

Web applications use hash-based message authentication codes (HMAC) to secure API requests and generate session tokens. Hashing prevents replay attacks and ensures request integrity, while token-based authentication systems use hashes to validate user sessions without exposing sensitive credentials.

Examples & Pitfalls

✓ Proper Hash Usage

File integrity check:

Original: 2f7c4b8a9e3d1f6c5b8a9e3d1f6c5b8a
Download: 2f7c4b8a9e3d1f6c5b8a9e3d1f6c5b8a
Status: ✓ Integrity verified

Digital signature:

Document hash: SHA-256
Signature: RSA with SHA-256
Verification: Valid signature

Content deduplication:

File A: a1b2c3d4e5f6... (100MB)
File B: a1b2c3d4e5f6... (100MB)
Storage: 100MB (deduplicated)

✗ Common Pitfalls

Using MD5 for security:

Password: mypassword123
Hash: 482c811da5d5b4bc6d497ffa98491e38
Attack: Collision vulnerability

❌ MD5 is cryptographically broken

Hashing without salt:

Password: password
Hash: 5e884898da28047151d0e56f8dc62927
Attack: Rainbow tables

❌ Always use salt for passwords

Assuming uniqueness:

Different inputs:
Input A: "abc"
Input B: "def"
Hash collision: Possible

❌ Collisions exist for all hashes

Privacy & Security

This hash generator operates entirely within your browser using the Web Cryptography API. No input data or generated hashes are transmitted to external servers, ensuring complete privacy for your sensitive information. All cryptographic operations occur locally in your browser's secure cryptographic engine, making it safe for processing confidential documents, passwords, or proprietary data without network exposure.

The Web Crypto API provides hardware-accelerated cryptographic operations that are significantly more secure than JavaScript-based implementations. Hash computations are performed in isolated memory spaces and don't leave traces in browser history or cache, providing additional protection for sensitive data processing. However, be aware that hash values are deterministic - identical inputs always produce identical outputs, which can reveal information about your data patterns.

While hashing provides data integrity verification, it does not provide confidentiality. Hash values can be used to verify data authenticity but should not be considered encrypted versions of your data. For password hashing, always use specialized algorithms like bcrypt, scrypt, or Argon2 with proper salting, as demonstrated by the simple MD5 implementation which is included only for educational purposes and should never be used for actual security applications.

Last updated: 2026/3/14