Dev Converters
Crypto

MD5 / SHA Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text. Uses Web Crypto for SHA and a pure-JS MD5 implementation. All offline.

How it works

A cryptographic hash function compresses arbitrary input into a fixed-length fingerprint. The same input always produces the same hash, but even a single-bit change in the input scrambles the output completely. Hashes are used everywhere: file integrity checks, git commit IDs, content-addressable storage, signature schemes.

This generator covers the common family: MD5 (128-bit, legacy), SHA-1 (160-bit, deprecated), and SHA-2 in four sizes (SHA-256, SHA-384, SHA-512). SHA variants are computed via the browser's Web Crypto API (`crypto.subtle.digest`), which is hardware-accelerated on most devices. MD5 is implemented in pure JavaScript because modern browsers intentionally omit it from Web Crypto.

Security notes: MD5 and SHA-1 are both broken for collision resistance — attackers can craft two different inputs with the same hash. Use SHA-256 or SHA-3 for anything security-sensitive. Never use any of these for storing passwords; use a proper password-hashing function like Argon2id or bcrypt, which are designed to be slow and memory-hard. Fast hashes are for checksums, content IDs, and HMACs, not credentials.

Frequently asked questions

Is MD5 still safe to use?
Not for security. MD5 is broken for collision resistance and should never be used for passwords, signatures, or certificates. It remains fine for non-adversarial checksums.
What should I use for password hashing?
None of these. Use bcrypt, scrypt, or Argon2 — they are deliberately slow to resist brute force. Plain SHA-256 is far too fast.
Is the hashing done locally?
Yes. SHA variants use the browser Web Crypto API. MD5 uses a small pure-JS routine bundled in. Your input never leaves the page.

Related tools