About Hash Generator
A fast, private, all-in-one hash tool built for developers and security professionals. No accounts. No uploads. No tracking beyond basic Vercel Analytics.
How it works
When you type text or drop a file, hashing runs entirely inside your browser tab. The Web Crypto API — a browser built-in — handles SHA-1, SHA-256, SHA-384, and SHA-512. MD5 is handled by a small bundled JavaScript library because Web Crypto intentionally omits it (MD5 is cryptographically weak).
For files, the tool reads your file from disk using the FileReader API and processes it in 2 MB chunks. Nothing is ever transmitted over the network. Large files (up to 2 GB) are supported without memory issues.
HMAC mode uses crypto.subtle.importKey + crypto.subtle.sign for the SHA variants. HMAC-MD5 is implemented manually since Web Crypto does not expose an HMAC-MD5 primitive.
Privacy commitment
No uploads
Your text and files never leave your browser. There are no API routes, no server-side hashing, and no logs.
No accounts
No sign-up, no login, no cookies beyond what Next.js requires for routing.
No tracking
Only basic Vercel Analytics (page views, no fingerprinting). No third-party ad trackers.
Open algorithms
Every algorithm used is a published standard implemented in your browser. No proprietary black boxes.
Frequently asked questions
Is my data ever uploaded to a server?
Never. All hashing runs entirely in your browser using the Web Crypto API (for SHA variants) and a bundled JavaScript library (for MD5). No data leaves your device — not your text, not your files.
What hash algorithms are supported?
MD5, SHA-1, SHA-256, SHA-384, and SHA-512. All five are computed simultaneously so you can compare or pick the algorithm you need in one step.
Can I hash large files?
Yes. Files up to 2 GB are supported. Large files are processed in 2 MB chunks to avoid exhausting browser memory, so even multi-gigabyte ISOs and disk images work fine.
What is HMAC mode?
HMAC (Hash-based Message Authentication Code) combines a secret key with your message to produce a keyed hash. It is commonly used to verify the authenticity of API payloads and webhooks. HMAC-SHA-256 and HMAC-SHA-512 are the most widely used variants.
Why use SHA-256 instead of MD5?
MD5 and SHA-1 are considered cryptographically broken — collisions have been demonstrated in both. For any security-sensitive use case (digital signatures, certificate fingerprints, password storage) always prefer SHA-256 or SHA-512. MD5 is still useful for non-security purposes like checksumming files for accidental corruption.
How do I verify a file checksum?
Drop the file into the File tab to get all hash outputs. Then paste the expected checksum (provided by the software author) and your computed hash into the Hash Comparison section below the tool. A green check confirms the file is intact and unmodified.
Does this tool work offline?
Once the page is loaded, all computation is local. If your browser caches the page assets, the tool will continue to work even without an internet connection.
What is the difference between SHA-256 and SHA-512?
Both are secure, modern hash algorithms from the SHA-2 family. SHA-256 produces a 256-bit (64-character hex) digest and is faster on 32-bit systems and constrained hardware. SHA-512 produces a 512-bit (128-character hex) digest and is faster on 64-bit CPUs due to wider integer arithmetic. For most software checksums and API signing, SHA-256 is the standard choice. SHA-512 is preferred when you need a larger output or want extra collision margin.
How do I verify a SHA-256 checksum on Windows or macOS?
You can verify without any software installation. On macOS, open Terminal and run: shasum -a 256 /path/to/file — then compare the output to the expected hash. On Windows, open PowerShell and run: Get-FileHash C:\path\to\file -Algorithm SHA256. Alternatively, drop the file into the File tab on this page and paste both hashes into the Hash Comparison box for a one-click match check.
Is it safe to hash sensitive data with an online tool?
With this tool, yes — but verify it for yourself. Open DevTools (F12), go to the Network tab, and watch while you type or drop a file. You will see zero outbound requests for your data. All hashing runs inside your browser tab using the Web Crypto API and a bundled JavaScript library. Nothing is transmitted to any server, ever.
Ready to hash something?
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes — from text or files — right in your browser.