Skip to content
Kordu Tools
Developer Tools Runs in browser Updated 30 Mar 2026

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files instantly in your browser.

Click to upload or drag and drop

Any file up to 100MB

 

 

Hashes

Waiting for input

Start typing to generate MD5, SHA-1, SHA-256, and SHA-512 hashes.

MD5 is included for compatibility and checksum workflows. For security-sensitive use cases, prefer the SHA-256 or SHA-512 outputs.
Loading rating…

How to use Hash Generator

  1. Choose text or file mode

    Select the Text tab to hash a string, or the File tab to hash a file from your device.

  2. Enter your input

    In text mode, type or paste your input — hashes update in real time. In file mode, drag and drop any file or click to browse.

  3. Review all four hashes

    MD5, SHA-1, SHA-256, and SHA-512 hashes are displayed simultaneously so you can compare all formats at once.

  4. Copy the hash you need

    Click Copy next to any algorithm to copy that hash to your clipboard. Toggle uppercase or lowercase output as required by your system.

Hash Generator FAQ

What is the difference between MD5, SHA-1, SHA-256, and SHA-512?
MD5 produces a 32-character hex hash and is cryptographically broken — suitable only for non-security uses like checksums. SHA-1 produces a 40-character hash and is deprecated for security. SHA-256 and SHA-512 are part of the SHA-2 family and are cryptographically secure, producing 64 and 128 character hashes respectively.

Is MD5 secure for password hashing?
No. MD5 is cryptographically broken, extremely fast to brute-force, and must not be used for password storage. Use bcrypt, scrypt, or Argon2 for passwords. MD5 is still useful for file integrity checks and deduplication.

Are my files uploaded anywhere?
No. Files are read and hashed entirely in your browser using the File API and Web Crypto API. Nothing leaves your device.

How large a file can I hash?
The tool can hash any file your browser can load into memory — typically several gigabytes on modern hardware. For very large files, processing may take a few seconds.

What is a checksum used for?
Checksums verify file integrity: compare the hash of a downloaded file against the hash published by the author. If they match, the file is unmodified. If they differ, the file may be corrupted or tampered with.

Can I hash a string to verify an API signature?
Yes. Paste the string to hash in text mode. For HMAC signatures (used by AWS, Stripe, GitHub webhooks) you need a separate HMAC tool — plain SHA hashing does not incorporate a secret key.

Why does the same text produce different hashes each time?
It should not — hash functions are deterministic. If you see different output, check for trailing whitespace, hidden characters, or encoding differences in the input.

Can I use uppercase or lowercase hex output?
Yes. Toggle between uppercase (A-F) and lowercase (a-f) hex output. Both are valid — different systems have different preferences. Linux checksum tools typically use lowercase.

Why is SHA-256 recommended over MD5 and SHA-1?
SHA-256 has no known collision vulnerabilities, is part of the SHA-2 standard, and is approved for use in digital certificates, HMAC, and code signing. MD5 and SHA-1 have known weaknesses and should not be used for security-sensitive applications.

Background

Hash Generator computes MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously so you can compare all four outputs at a glance. Switch between text mode (hashes update as you type) and file mode (drag and drop any file for instant checksums). All four hash values update together, saving time when you need to verify a file against multiple hash formats.

SHA-256 and SHA-512 use the browser's built-in Web Crypto API — a native, hardware-accelerated implementation. MD5 and SHA-1 are included for legacy compatibility and file integrity checks. Toggle uppercase or lowercase output to match the format expected by your system.

Common uses include verifying file integrity after download, generating checksums for deployment artifacts, debugging HMAC signatures, and checking whether two files are identical without a byte-for-byte comparison. All hashing runs entirely in your browser — files and text are never uploaded or transmitted to any server.

Related tools

Base64 Encoder/Decoder

Encode text or files to Base64 or decode Base64 strings back to plain text — real-time, fully in your browser.

JWT Decoder

Decode and inspect JWT tokens — view header, payload, claims, and expiry status without sending data to any server.

UUID Generator

Generate cryptographically secure v4 and v7 UUIDs in bulk — copy individually or all at once, instantly in your browser.

MD5 Hash Generator

Generate MD5 hashes from text in real time. Instant output, uppercase toggle, 100% browser-based. Not for passwords — use bcrypt instead.

SHA-256 Hash Generator

Generate SHA-256 hashes from text instantly. WebCrypto hardware-accelerated, real-time output. Used in Bitcoin, TLS, and digital signatures. Zero uploads.

Learn more

developer

SHA-256 vs MD5 vs SHA-1: Which Hash Algorithm Should You Use?

MD5 collisions were cracked in 2004. SHA-1 fell in 2017. Here's which hash algorithm is safe today and when to use SHA-256, SHA-512, or BLAKE3.