Skip to main content
lab.golamrabbani.org

Hash Generator

Compute SHA-1, SHA-256, SHA-384, and SHA-512 hashes in your browser.

Written by Golam Rabbani, Founder & Lead Engineer

Hashes are computed in your browser via the native Web Crypto API (SubtleCrypto). Nothing is sent to a server. MD5 is not offered because the Web Crypto spec deliberately excludes it — use the dedicated MD5 generator if you need it.

Algorithms

How to use this hash generator

  1. Paste or type the text you want hashed into the input field.
  2. Pick one or more algorithms — SHA-1, SHA-256, SHA-384, SHA-512.
  3. Press Generate hashes to compute every selected digest in your browser.
  4. Click Copy next to any row to copy that hex digest to your clipboard.
  5. Use Reset to clear the input and start a fresh hash.

About this hash generator

This hash generator computes cryptographic digests entirely in your browser using the native Web Crypto API (SubtleCrypto). It supports the SHA-2 family — SHA-1, SHA-256, SHA-384, SHA-512 — which are the algorithms exposed by every modern browser. Each digest is shown as a lowercase hex string of fixed length (40 chars for SHA-1, 64 for SHA-256, 96 for SHA-384, 128 for SHA-512). Nothing is sent to a server: the input is UTF-8 encoded, fed into crypto.subtle.digest, and the resulting bytes are formatted client-side.

For example, hashing the text "hello world" returns SHA-1 "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" and SHA-256 "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9". Use SHA-256 or stronger for integrity checks, content addressing, and HMAC keys; SHA-1 is included for compatibility with older systems but is collision-broken and should not be used for new security work. MD5 is intentionally absent because the Web Crypto specification excludes it — use the dedicated MD5 generator on this site if you need it for a non-security checksum.

FAQ

Which hash algorithms does this tool support?
The SHA-2 family available in the Web Crypto API: SHA-1, SHA-256, SHA-384, and SHA-512. You can compute any combination of them in one pass.
Why no MD5 option?
The Web Crypto specification deliberately omits MD5 because it is collision-broken and unsafe for security use. A dedicated MD5 generator (using a JavaScript implementation) is available separately on this site for non-security checksum needs.
Is my input sent to a server?
No. All hashing happens in your browser via crypto.subtle.digest. The input text never leaves the page; nothing is logged or transmitted.
Why does the same text produce different digests across algorithms?
Each algorithm has a different design and output length: SHA-1 is 160 bits, SHA-256 is 256 bits, SHA-384 is 384 bits, SHA-512 is 512 bits. They are independent functions, so their outputs are unrelated.
Are these hashes suitable for storing passwords?
No. Plain SHA hashes are too fast for password storage. Use a dedicated password-hashing function such as bcrypt, scrypt, or Argon2, ideally with a unique per-user salt and a tuned work factor.
Why is the output always lowercase hex?
Lowercase hex is the de facto convention for cryptographic digests (used by every major library and command-line tool). Hashes are case-insensitive, so you can uppercase the output yourself if a downstream system requires it.