Hash Generator

A hash is one-way: the same input always gives the same digest, but you can't reverse it. For security use SHA-256 or stronger — SHA-1 (and MD5, which we don't offer) are broken and unsafe for passwords or signatures. Hashing is not encryption. Cyber security →

A hash function turns any input — a word, a file, a password — into a fixed-length string of characters called a digest. The same input always produces the same digest, and even a one-character change produces a completely different one. Hashes are used for integrity checks (verifying a download), storing password verifiers, and digital signatures.

No — hashing is one-way by design. You cannot recover the original text from the digest. Attackers instead guess inputs and compare hashes (a brute-force or dictionary attack), which is why a strong, salted password hash matters. Hashing is not encryption: encryption is reversible with a key, hashing is not.

Use SHA-256 or stronger (SHA-384, SHA-512) for anything security-related. SHA-1 is included here for compatibility with legacy systems and checksums, but it is cryptographically broken and must not be used for security. MD5 is even weaker — we deliberately do not offer it. For password storage specifically, use a purpose-built algorithm like bcrypt, scrypt or Argon2, not a plain hash.

Yes. Hashing runs entirely in your browser using the Web Crypto API (crypto.subtle) — your text is never sent to our servers, logged or stored, and no third-party scripts are loaded. You can disconnect from the internet and it still works.