Skip to content
Scratchpad
Your text never leaves your browser

Hash Generator

One string in, four hashes out. The one-way street of cryptography.

Input

What this does

DEVS: crypto.subtle.digest() for SHA-1/256/384/512. Web Crypto API, browser-native, no library.

Type or paste any string and get four hash digests at once. SHA-1, SHA-256, SHA-384, and SHA-512, all computed in parallel because waiting for one hash at a time would be silly. Each result gets its own copy button. Click, paste, move on.

A hash is a one-way function. You feed it any input (a password, a file, the complete works of Shakespeare) and it produces a fixed-length string of hex characters. Always the same output for the same input. Always a different output for different inputs. And you can't reverse it to get the original back. That's the whole point.

When to use which algorithm. SHA-256 is the right choice for almost everything today: integrity checks, content addressing, generating deterministic IDs. SHA-1 still shows up in legacy systems and git uses it for commit hashes (git is slowly migrating to SHA-256, but slowly is the key word). SHA-512 produces a longer digest and works well when you need extra collision resistance or you're on a 64-bit system where it's actually faster than SHA-256. SHA-384 is a truncated SHA-512, mostly used in specific TLS cipher suites.

You'll notice MD5 isn't here. That's intentional. MD5 has known collision vulnerabilities, meaning someone can craft two different inputs that produce the same hash. It's been broken for cryptographic purposes since 2004. Some people still use it for quick checksums, but if you're reaching for a hash function in 2026, SHA-256 costs you nothing extra and doesn't come with an asterisk.

Hashing and encryption are different things. Encryption is reversible (with the right key). Hashing isn't. You hash passwords before storing them so that even if the database leaks, the actual passwords aren't exposed. You hash files to verify they haven't been tampered with (download a file, hash it, compare against the published hash). Git hashes every commit, tree, and blob to build its entire version history. Checksums on downloads, integrity attributes on script tags, content-addressable storage. Hashes are everywhere.

This runs entirely in your browser using the Web Crypto API. Your input never touches a server. There's nothing to intercept because there's nothing to send. Hash your API keys, your deployment secrets, your embarrassing draft tweets. We literally can't see them.

Each hash displays as a lowercase hex string. That's the standard representation, and it's what you'll paste into config files, verification scripts, and documentation. No accounts, no rate limits, no nonsense.