Loading the interactive tool… It runs in your browser — if it doesn't appear, enable JavaScript.
Hash text as you type, or drop in a file to compute its checksum — useful for verifying a download matches a published hash. All four common algorithms show at once with one-click copy. The SHA family uses the browser's native WebCrypto; MD5 (which WebCrypto deliberately omits) is implemented locally and verified against the RFC 1321 test vectors.
Files are hashed on your device — appropriate, since people routinely hash things they'd never want uploaded.
Frequently asked questions
Which hash algorithm should I use?
SHA-256 for anything that matters today — it's the standard for integrity verification. MD5 and SHA-1 are cryptographically broken (collisions can be manufactured) but remain fine for non-adversarial uses like cache keys and detecting accidental corruption.
How do I verify a downloaded file's checksum?
Drop the file here, then compare the computed hash against the one published on the download page — matching SHA-256 values mean the file arrived bit-for-bit intact. A mismatch means corruption or tampering: don't run it.
Why shouldn't passwords be stored as MD5 or SHA-256?
Plain hashes compute too fast — attackers can try billions of guesses per second offline. Password storage needs deliberately slow, salted algorithms like bcrypt, scrypt or Argon2. A fast hash is for data integrity, not credentials.