Loading...
Loading...
Free online hash generator — compute MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes instantly. Built-in Web Crypto for secure computation.
A cryptographic hash function is a deterministic algorithm that takes an input (message) of arbitrary size and produces a fixed-size output (hash or digest). Hash functions are fundamental to modern computing — used for password storage, data integrity verification, digital signatures, file fingerprinting, and blockchain technology.
MD5 (Message Digest 5) produces a 128-bit (32-character) hash. It was once widely used but is now considered cryptographically broken — collision attacks can produce the same MD5 hash from different inputs. MD5 should never be used for security purposes, though it remains useful for non-security checksums like file integrity verification against accidental corruption.
SHA-1 produces a 160-bit (40-character) hash. Like MD5, SHA-1 has been deprecated due to collision attacks (the SHAttered attack demonstrated this in 2017). Modern systems should use SHA-256 or SHA-512, which belong to the SHA-2 family and remain secure for all practical purposes.
SHA-256 produces a 256-bit (64-character) hash and is the current industry standard. It is used in TLS/SSL certificates, blockchain (Bitcoin), code signing, and most security-sensitive applications. SHA-512 offers stronger security with a 512-bit (128-character) output and is faster on 64-bit processors.
Choosing the right hash: Use SHA-256 or SHA-512 for security (file integrity, signatures). Use MD5 or SHA-1 only for non-security purposes (deduplication, non-critical checksums). For password storage, never use plain hashes — always use a password hashing function like bcrypt, argon2, or scrypt with a salt.
Hash functions also power fundamental data structures like hash tables and hash maps, where the hash value determines which bucket an element is stored in. For this use case, speed matters more than cryptographic security — non-cryptographic hashes like MurmurHash, CityHash, and xxHash are preferred. They are orders of magnitude faster than SHA-256 while providing excellent distribution characteristics, making them ideal for Bloom filters, distributed caches, and in-memory data structures.
No for security, yes for non-security checksums. MD5 is cryptographically broken — attackers can deliberately create collisions. However, for checking accidental file corruption or data integrity (not against malicious attacks), MD5 is still acceptable.
SHA-256 produces a 256-bit hash (64 hex chars) with 128-bit collision resistance. SHA-512 produces a 512-bit hash (128 hex chars) with 256-bit collision resistance. SHA-512 is actually faster on 64-bit processors but uses more bandwidth. Both are currently secure.
No. Hash functions are one-way by design. The only way to 'reverse' a hash is through brute-force (trying all possible inputs) or using rainbow tables (pre-computed hash databases). This is why password hashing requires slow algorithms and salts to prevent such attacks.
A hash collision occurs when two different inputs produce the same hash output. For cryptographic hashes, collisions must be computationally infeasible — MD5 and SHA-1 are broken because practical collision attacks exist. For non-cryptographic uses like hash tables, collisions are expected and handled through chaining or open addressing, but minimizing collision probability is still critical for performance.
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. Unlike regular hashing which produces the same output for the same input regardless of context, HMAC requires a key to both produce and verify the output. HMAC is used for API authentication, webhook verification, and message integrity where both parties share a secret.