A hash function takes any input — a word, a document, an entire hard drive — and produces a fixed-length string of characters. The same input always produces the same output. Even a single character change produces a completely different hash. This property makes hashes indispensable for verifying data integrity.
Properties of cryptographic hashes
- Deterministic: Same input always produces the same output
- Fixed length: Output size is fixed regardless of input size
- One-way: You cannot reverse a hash to get the original input
- Avalanche effect: Tiny input changes produce completely different hashes
- Collision resistant: Near-impossible to find two inputs that produce the same hash
Hash algorithms compared
MD5 (128-bit)
Output: 32 hex characters
Example: 5d41402abc4b2a76b9719d911017c592
MD5 is fast but cryptographically broken — researchers have demonstrated collision attacks (two different inputs producing the same hash). Never use MD5 for security purposes. Still widely used for non-security checksums and legacy compatibility.
SHA-1 (160-bit)
Output: 40 hex characters
SHA-1 is also cryptographically weakened — Google demonstrated a practical collision attack (SHAttered) in 2017. Avoid for new security applications. Git historically used SHA-1 for commit hashes and is migrating to SHA-256.
SHA-256 (256-bit)
Output: 64 hex characters
Example: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
The current standard for most security applications. Part of the SHA-2 family. Used in TLS/SSL certificates, Bitcoin, code signing, and file integrity verification.
Recommended for most uses.
SHA-512 (512-bit)
Output: 128 hex characters
More secure than SHA-256 in theory, and actually faster on 64-bit systems due to wider internal operations. Used where maximum security is required.
Hash algorithms comparison table
| Algorithm | Output length | Security | Common use |
|---|---|---|---|
| MD5 | 32 hex chars | Broken | Non-security checksums |
| SHA-1 | 40 hex chars | Weak | Legacy compatibility |
| SHA-256 | 64 hex chars | Strong | File integrity, certificates |
| SHA-384 | 96 hex chars | Strong | TLS, code signing |
| SHA-512 | 128 hex chars | Very strong | High-security applications |
Common uses for hashing
Verifying file downloads
Software developers publish SHA-256 checksums alongside download links. After downloading, you hash the file and compare it to the published checksum. If they match, the file is authentic and unmodified. If they differ, the file may be corrupted or tampered with.
Password storage
Never store passwords in plain text. Systems store the hash of the password. When a user logs in, the input is hashed and compared to the stored hash.
Note: Use bcrypt, Argon2, or PBKDF2 for passwords — these add salting and are designed to be slow (preventing brute-force). Standard SHA-256 is too fast for password hashing.
Data deduplication
Hash a file before storing it. If the hash already exists in storage, the file is a duplicate. Used by cloud storage services to avoid storing identical files twice.
Digital signatures
Sign a hash of a document rather than the document itself. The recipient verifies the signature on the hash. Much faster than signing the full document.
Hash vs encryption
A common misconception: hashing is not encryption.
- Encryption is two-way: you can encrypt and then decrypt
- Hashing is one-way: you can hash but not "unhash"
- Hashed data cannot be recovered — only verified
How to generate hashes free
- Go to Hash Generator
- Type or paste text, or switch to the File tab and upload any file
- Select which algorithms to use (MD5, SHA-1, SHA-256, SHA-384, SHA-512)
- Copy individual hash values or all at once
- Use the Verify section to compare against an expected checksum
All hashing runs entirely in your browser using the Web Crypto API. Your text and files never leave your device.