Hash Generator

What Are Cryptographic Hash Functions?

A cryptographic hash function is a mathematical algorithm that takes an input of any size and produces a fixed-length output called a hash, digest, or checksum. Hash functions have several critical properties that make them useful for security applications: they are deterministic (the same input always produces the same output), fast to compute, and effectively irreversible — given a hash, it is computationally infeasible to reconstruct the original input.

Perhaps the most important property of a cryptographic hash function is its collision resistance: it should be practically impossible to find two different inputs that produce the same hash output. Any change to the input — even flipping a single bit — produces a completely different hash. This avalanche effect makes hashes ideal for detecting tampering, verifying file integrity, and storing passwords securely.

MD5 vs SHA-1 vs SHA-256 — Which to Use?

MD5 (Message Digest 5). MD5 produces a 128-bit (32 hexadecimal character) hash and was once widely used for security applications. However, MD5 is now considered cryptographically broken — researchers have demonstrated practical collision attacks where two different files produce the same MD5 hash. MD5 should not be used for any security purpose. It remains useful only for non-security checksums where speed matters and collision resistance is not required, such as verifying data integrity in a trusted environment.

SHA-1 (Secure Hash Algorithm 1). SHA-1 produces a 160-bit (40 character) hash. Like MD5, SHA-1 has been practically broken — Google demonstrated a collision attack (“SHAttered”) in 2017. SHA-1 is deprecated for all security uses, including TLS certificates, digital signatures, and password storage. It still appears in legacy systems and some version control tools (Git historically used SHA-1, though it is transitioning to SHA-256).

SHA-256. Part of the SHA-2 family, SHA-256 produces a 256-bit (64 character) hash and remains secure as of 2024. It is the standard for TLS certificates, code signing, Bitcoin (proof of work), and file integrity verification. SHA-256 is the right choice for most security applications that need a hash today.

SHA-384 and SHA-512. Also part of SHA-2, these produce longer hashes (384 and 512 bits). SHA-512 is actually faster than SHA-256 on 64-bit processors because of how it is designed. Use SHA-512 when you need a larger security margin or when performance on 64-bit hardware is important. SHA-384 is used in some TLS cipher suites.

Hash Functions Are One-Way

A common misconception is that hashing is a form of encryption that can be reversed. Hashing is not encryption — you cannot “decrypt” a hash. This is by design. The one-way property is what makes hash functions useful for password storage: instead of storing passwords in plaintext (which would be catastrophic if the database were breached), applications store the hash of the password. When a user logs in, the application hashes the entered password and compares it to the stored hash.

However, simply hashing passwords with MD5, SHA-1, or even SHA-256 is insufficient. These algorithms are designed to be fast, which makes them vulnerable to brute-force and rainbow table attacks. For password hashing, use purpose-built algorithms like bcrypt, scrypt, or Argon2 that are designed to be computationally expensive and include built-in salting.

File Integrity Verification with Hashes

One of the most practical uses of hash functions is verifying that a file has not been corrupted or tampered with. When you download software, the developer often publishes the SHA-256 hash of the installer alongside the download link. After downloading, you compute the hash of the file you received and compare it to the published hash. If they match, the file is intact. If they differ, the file was corrupted during download or, worse, replaced by malware.

Use this tool's File tab to compute the SHA-256 hash of any downloaded file. Then compare the result to the hash published by the developer. This is a quick, reliable way to verify download integrity without any additional software.

Why MD5 Is Obsolete for Security

MD5 was designed in 1991 and was considered secure for most of the 1990s. By 1996, researchers had found weaknesses, and by 2004, full collision attacks were demonstrated. In 2008, forged SSL certificates were created using MD5 collisions, demonstrating that the attacks had moved from theoretical to practical.

Today, MD5 collision attacks can be performed in seconds on consumer hardware. Any security system that relies on MD5's collision resistance is critically vulnerable. Despite this, MD5 still appears in legacy systems, older protocols, and non-security uses like hash maps and checksums where collision resistance is not required. This tool includes MD5 for completeness and for computing checksums in legacy contexts — not for security applications.

Frequently Asked Questions

What is the hash of an empty string?

Every algorithm produces a defined output for an empty input. The MD5 hash of an empty string is d41d8cd98f00b204e9800998ecf8427e. SHA-256 of an empty string is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. Try it: clear the text input and observe the hashes update to these known values.

Can two different files have the same hash?

Theoretically yes — this is called a collision. In practice, with SHA-256, collisions are computationally infeasible (the probability is astronomically small). MD5 and SHA-1 have known practical collision attacks, which is why they are deprecated for security use. For SHA-256 and SHA-512, no practical collision attack exists.

How do I verify a file download using its hash?

Download the file, drop it into the File tab, note the SHA-256 hash. Compare it character by character with the hash published on the download page. If they match exactly, the file is authentic. On the command line: sha256sum filename (Linux/macOS) or Get-FileHash filename (PowerShell).

Is SHA-256 suitable for password storage?

No — SHA-256 is too fast for password storage. Attackers can try billions of combinations per second on GPUs. Use bcrypt, scrypt, or Argon2 for passwords — these are designed to be slow and include salting to prevent rainbow table attacks.

What does HMAC mean?

HMAC (Hash-based Message Authentication Code) is a construction that uses a hash function plus a secret key to produce a message authentication code. HMAC-SHA256 is widely used for API authentication and data integrity. JWTs signed with HS256 use HMAC-SHA256. This tool computes plain hashes, not HMACs — HMAC requires a key.

Why do some hashes end with different lengths?

Different algorithms produce different output lengths: MD5 = 32 hex chars (128 bits), SHA-1 = 40 chars (160 bits), SHA-256 = 64 chars (256 bits), SHA-384 = 96 chars (384 bits), SHA-512 = 128 chars (512 bits). Longer hashes provide larger security margins and are harder to attack by brute force.

Can I hash a file larger than my RAM?

This browser-based tool loads the entire file into memory before hashing. For very large files (tens of GB), use command-line tools: sha256sum largefile.iso on Linux, shasum -a 256 largefile.iso on macOS, or Get-FileHash largefile.iso -Algorithm SHA256 in PowerShell. These stream the file in chunks without loading it all at once.