Hash Generator & Verifier
Generate and verify cryptographic hashes (MD5, SHA-1, SHA-256, SHA-384, SHA-512) for text and files. HMAC support, hash comparison, bulk hashing, and export. 100% client-side — your data never leaves your browser.
Privacy: All hashing operations happen locally in your browser using the Web Crypto API. Your data never leaves your device.
Features
Multi-Algorithm Output
Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes simultaneously — select any combination of algorithms
File Hashing (500MB)
Hash files up to 500MB with streaming reads and real-time progress — drag-and-drop or click to browse
HMAC Support
Generate HMAC signatures with a secret key — debug webhook payloads from Stripe, GitHub, Slack, and more
Smart Hash Comparison
Paste an expected hash to compare — auto-trims whitespace, case-insensitive match, character-by-character diff highlighting
Bulk Text Hashing
Hash up to 1,000 lines at once — paste a list, get one hash per line in a table with export support
100% Client-Side Privacy
Zero network requests — all hashing uses the browser's Web Crypto API and runs entirely on your device
Frequently Asked Questions
How does cryptographic hashing work?
A hash function takes any input (text or file) and produces a fixed-length string of hexadecimal characters. The same input always produces the same hash, but even a tiny change in the input produces a completely different hash. This makes hashing ideal for verifying file integrity, storing password fingerprints, and validating data.
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit (32-character) hash and is fast but cryptographically broken — collisions can be manufactured. SHA-256 produces a 256-bit (64-character) hash and is considered secure for integrity verification, digital signatures, and certificate validation. Use SHA-256 or stronger for anything security-sensitive; MD5 is fine for non-security checksums.
Is SHA-1 secure? SHA-1 vs SHA-256
SHA-1 produces a 160-bit (40-character) hash and is deprecated for security use — practical collision attacks exist (Google's SHAttered attack, 2017). SHA-256 produces a 256-bit (64-character) hash with no known practical collisions, making it the modern standard for digital signatures, TLS certificates, and integrity verification. Use SHA-1 only for legacy compatibility or non-security checksums; choose SHA-256 or SHA-512 for anything security-sensitive.
What is HMAC and when should I use it?
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to verify both data integrity and authenticity. It's commonly used to validate webhook payloads — services like Stripe, GitHub, and Slack sign their webhook requests with HMAC-SHA256 using your secret key. You can use this tool to compute the expected signature and compare it to the one in the request header.
What is the maximum file size supported?
You can hash files up to 500MB. Files are read in 2MB streaming chunks with a real-time progress bar. For files over 200MB, a warning is shown because large files require significant memory for SHA algorithms. MD5 uses incremental hashing (spark-md5) which is more memory-efficient. You can cancel file hashing at any time.
Does this tool work offline?
Yes. Once loaded, the hash generator works completely offline. All hashing uses the Web Crypto API (built into your browser) and spark-md5 for MD5. No data is ever sent to a server — you can verify this by checking your browser's Network tab during any operation.
Related Hash Generator & Verifier Articles
Discover more insights about hash generator & verifier and related development topics