Cryptographic hash functions are the backbone of data integrity, password storage, and digital signatures. This guide explains what hashes are and how to generate them instantly online.
โก Try It Free โ No Signup
Works instantly in your browser. No account, no install, no upload.
Generate Hash Free โWhat Is a Hash Function?
A hash function takes any input (text, file, password) and produces a fixed-length string called a digest. Key properties: the same input always produces the same hash, tiny changes produce completely different hashes, and it's computationally impossible to reverse the hash back to the input.
Common Hash Algorithms Compared
| Algorithm | Output Length | Status | Use Case |
|---|---|---|---|
| MD5 | 128-bit (32 hex) | Broken | Checksums only (not security) |
| SHA-1 | 160-bit (40 hex) | Deprecated | Legacy only |
| SHA-256 | 256-bit (64 hex) | Secure | File integrity, tokens |
| SHA-512 | 512-bit (128 hex) | Secure | High-security applications |
Practical Uses of Hash Functions
- File integrity: Download sites publish SHA-256 checksums so you can verify a file wasn't corrupted or tampered with
- Password storage: Databases store hashed passwords, not plaintext (with salt to prevent rainbow table attacks)
- Digital signatures: Documents are signed by hashing the content, then encrypting the hash
- Git commits: Every Git commit is identified by its SHA-1 hash
- Deduplication: Compare hashes to find duplicate files without reading the full content
How to Verify a File Checksum
# Windows PowerShell
Get-FileHash file.zip -Algorithm SHA256
# macOS / Linux
sha256sum file.zip
shasum -a 256 file.zipFrequently Asked Questions
Is MD5 safe for passwords?
No. MD5 is cryptographically broken and should never be used for password hashing. Use bcrypt, Argon2, or scrypt instead.
Can the same input produce different hashes?
No โ a hash function is deterministic. The same input always produces the same output.
Can two different inputs produce the same hash?
Theoretically yes (called a collision), but for SHA-256 it's computationally infeasible. MD5 and SHA-1 have known collision vulnerabilities.
Is my input sent to a server?
No. Hashing runs entirely in your browser using the Web Crypto API. Your data never leaves your device.