Cryptographic hash functions are one-way mathematical functions that transform an input of any size into a fixed-length output (the hash or digest). Even a tiny change in the input produces a completely different hash — this is the avalanche effect. Hash functions are deterministic: the same input always produces the same hash.
Common Hash Algorithms
- MD5 — 128-bit, fast but no longer secure for cryptographic use. Still used for checksums.
- SHA-1 — 160-bit, deprecated for security. Used in legacy systems and Git commit IDs.
- SHA-256 — 256-bit, part of the SHA-2 family. Widely used, considered secure.
- SHA-512 — 512-bit, more collision-resistant than SHA-256.
How Does This Hash Generator Work Online?
This tool computes cryptographic hash digests using your browser's native Web Cryptography API (the SubtleCrypto interface) for SHA variants, and pure-JavaScript implementations for MD5, NTLM, and CRC32. Type or paste your input, select the algorithm, and the hash is computed instantly — entirely in your browser. Nothing you hash is ever sent to a server.
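The following is an added example, not this tool's own code: it computes SHA digests with `crypto.subtle.digest`, checks a download against a published checksum, and measures the avalanche effect by counting differing digest bits. The function names and the sample "file" and checksum are constructed for illustration.

```javascript
// Web Crypto is global in browsers and current Node.js; the require() fallback
// (an assumption for older Node.js in CommonJS mode) is never reached otherwise.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Hash a string (as UTF-8) or a Uint8Array and return the raw digest bytes.
async function digestBytes(algorithm, input) {
  const data = typeof input === "string" ? new TextEncoder().encode(input) : input;
  return new Uint8Array(await subtle.digest(algorithm, data));
}

// Lowercase hex, the form in which checksums are normally published.
async function hashHex(algorithm, input) {
  const bytes = await digestBytes(algorithm, input);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// File integrity check: hash the received bytes and compare with the published
// checksum. Case and surrounding whitespace are ignored; a checksum that is not
// hex or has the wrong length for the algorithm is reported, not compared.
async function verifyChecksum(algorithm, fileBytes, published) {
  const expected = published.trim().toLowerCase();
  const actual = await hashHex(algorithm, fileBytes);
  if (!/^[0-9a-f]+$/.test(expected) || expected.length !== actual.length) {
    return { ok: false, reason: "malformed or wrong-length checksum", actual };
  }
  const ok = expected === actual;
  return { ok, reason: ok ? "match" : "mismatch", actual };
}

// Avalanche effect: number of bits that differ between the digests of a and b.
async function differingBits(algorithm, a, b) {
  const [x, y] = await Promise.all([digestBytes(algorithm, a), digestBytes(algorithm, b)]);
  let bits = 0;
  for (let i = 0; i < x.length; i++) {
    for (let v = x[i] ^ y[i]; v; v &= v - 1) bits++; // clears the lowest set bit
  }
  return bits;
}

// Constructed sample: a three-byte "download" and its published SHA-256 checksum.
async function demo() {
  const published = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD\n";
  const intact = await verifyChecksum("SHA-256", new TextEncoder().encode("abc"), published);
  const altered = await verifyChecksum("SHA-256", new TextEncoder().encode("abd"), published);
  const flipped = await differingBits("SHA-256", "abc", "abd"); // one input character changed
  return { intact: intact.reason, altered: altered.reason, flipped };
}
demo().then(console.log);
```

`subtle.digest` accepts `"SHA-1"`, `"SHA-256"`, `"SHA-384"` and `"SHA-512"`; MD5, NTLM and CRC32 are not part of the Web Cryptography API, which is why the tool needs separate JavaScript implementations for them.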
When to Use Each Hash Algorithm
- MD5 — fast 128-bit hash. Cryptographically broken — do not use for security. Still valid for non-security uses like checksumming files, cache-busting, or generating short identifiers from strings.
- SHA-1 — 160-bit hash. Deprecated for cryptographic use since 2017 (collision attacks demonstrated). Avoid for digital signatures or certificates; still used in some legacy version control and checksum systems.
- SHA-256 — 256-bit hash, part of the SHA-2 family. The current standard for most cryptographic use cases: password hashing (with a salt, though a slow algorithm such as bcrypt, scrypt, or Argon2 is the better choice for stored passwords), data integrity verification, digital signatures, and TLS certificates. Bitcoin uses SHA-256 for proof-of-work.
- SHA-512 — 512-bit hash. Stronger than SHA-256, often faster on 64-bit systems. Used where maximum security margin is required.
- NTLM — Microsoft's legacy password hash format (MD4 of the UTF-16LE-encoded password). Used internally by Windows authentication. Seen frequently in penetration testing and Active Directory environments.
- CRC32 — a 32-bit cyclic redundancy check. Not a cryptographic hash — it detects accidental data corruption, not intentional tampering. Used in ZIP files, Ethernet frames, and storage systems.
What are Hash Functions Used For?
- Password storage — servers store a hash of your password, not the plain text. On login, the input is hashed and compared. (Use bcrypt, scrypt, or Argon2 for passwords — not MD5 or SHA.)
- File integrity verification — download a file and hash it, then compare against the published checksum to confirm no tampering or corruption occurred in transit.
- Digital signatures — sign a hash of a document, not the whole document. Verifying the hash proves the document hasn't changed since signing.
- Deduplication — hash file contents to find duplicate files in a storage system without comparing bytes directly.
- Cache keys — use an MD5 or SHA-256 of the request parameters as a cache key for fast lookups.
Are Hash Functions Reversible?
No. By design, hash functions are one-way — given a hash output, you cannot mathematically derive the input. What attackers do instead is a dictionary or brute-force attack: they hash millions of common passwords and compare the results. That's why passwords should always be hashed with a slow, salted algorithm (bcrypt, Argon2) rather than a fast general-purpose hash like SHA-256.
Frequently Asked Questions
Can I reverse a hash?
No. Hash functions are one-way. You cannot derive the original input from the hash output — that's the whole point.
Is MD5 safe for passwords?
No. MD5 is not safe for storing passwords. Use bcrypt, scrypt, or Argon2 for password hashing.