What is a hash function?

A hash function is a mathematical algorithm that takes input data of any size and produces a fixed-size output called a hash, digest, or checksum. The same input always produces the same output, but even a tiny change in the input produces a completely different hash. Good hash functions are one-way, meaning you cannot reverse-engineer the original input from the hash.

What is the difference between SHA-256 and SHA-512?

Both are members of the SHA-2 family designed by the NSA. SHA-256 produces a 256-bit (64 hex character) hash and uses 32-bit operations internally. SHA-512 produces a 512-bit (128 hex character) hash using 64-bit operations. SHA-512 is actually faster on 64-bit processors and provides a larger security margin against brute-force attacks.

MD5 is cryptographically broken and should not be used for security purposes like password hashing or digital signatures. Collision attacks against MD5 are practical and can be performed on a laptop in seconds. However, MD5 remains useful for non-security applications like checksums for data integrity verification where deliberate tampering is not a concern.

What is the avalanche effect?

The avalanche effect is a property of good hash functions where changing a single bit of input causes roughly half the output bits to change. This means even the smallest modification to the input, such as changing one character, produces a completely different hash. This property is essential for hash tables, checksums, and cryptographic applications.

Can you reverse a hash to get the original text?

No. Cryptographic hash functions are designed to be one-way functions. There is no mathematical method to reconstruct the input from a hash. However, attackers can use rainbow tables or brute-force attempts to guess common inputs. This is why passwords should be hashed with specialized algorithms like bcrypt or Argon2 that add salt and computational cost.

Hash Generator - Free Online SHA-256, SHA-512, MD5 Hash

Generate cryptographic hashes from any text using SHA-256, SHA-384, SHA-512, or MD5. Results update in real time as you type.

What people actually use hashes for

Hashes are a "one-line answer" tool to a surprisingly large set of unrelated problems. The five most common uses, in roughly the order most engineers encounter them:

File integrity. "Did this 4 GB file arrive intact?" Hash the file, compare against a published digest. The classic SHA-256 use case — same algorithm used in shasum, sha256sum, every CDN's checksum manifest, and TLS certificate pinning.
Cache keys. "Have I computed the result for these inputs before?" Hash the inputs, use the digest as a Redis/Memcached key. MD5 is fine here — collisions don't matter because the values can be recomputed.
Deduplication. "Are these two large blobs identical?" Same as integrity but inverted: compare hashes instead of bytes. Git's content-addressed storage is the canonical example (originally SHA-1, now transitioning to SHA-256).
Digital signatures and JWT. Sign a hash of the document, not the document itself, then verify the signature against a fresh hash. The JWT decoder and JWT generator use this pattern; the HMAC generator is the keyed variant.
Password storage. But not with this tool. SHA-256 is the wrong algorithm for password storage. See the section below before you do this.

Picking the right algorithm

Five algorithms are available above. A pragmatic decision table:

SHA-256 (256-bit, 64 hex chars): the default. Use it unless you have a reason not to. Used by TLS, Bitcoin, Git (as of 2.29+), most code-signing systems.
SHA-512 (512-bit, 128 hex chars): same security level as SHA-256, but uses 64-bit operations internally. Slightly faster on 64-bit CPUs (counterintuitively, given the longer output), slightly slower on 32-bit. Pick when you specifically need 256 bits of collision resistance instead of 128 (i.e., basically never for typical workloads).
SHA-384 (384-bit, 96 hex chars): SHA-512 truncated. Used by some US government suites (Suite B). Rare outside those contexts.
SHA-1 (160-bit, 40 hex chars): broken for collision resistance since 2017 (the SHAttered attack produced a real PDF collision). Still safe for HMAC and for non-adversarial integrity checks — but for new use cases, just use SHA-256.
MD5 (128-bit, 32 hex chars): broken since 2004. Trivially collidable on a laptop. Still acceptable for cache keys, file fingerprinting where adversaries are not involved, and legacy compatibility. Never for anything that touches security.

The mistake to never make: SHA-256 for passwords

This tool can compute SHA-256 of any input, including a password. That does not mean you should store user passwords this way. SHA-256 is designed to be fast — billions of operations per second on a modern GPU. That speed is a feature for integrity checking. It is a catastrophic flaw for password storage. If a SHA-256-hashed password database leaks, an attacker can test the entire 8-character English-words dictionary against every account in minutes.

Use a password-specific hash: bcrypt, scrypt, or Argon2id (the current preferred default per OWASP). These are intentionally slow and memory-hard — they take roughly 100ms per hash on a modern CPU instead of nanoseconds, and on a GPU they are not meaningfully faster. That speed asymmetry is the entire point. The password generator creates strong inputs; the language-level libraries (bcrypt-ruby, argon2-cffi, etc.) do the actual storage.

Collision history, in 30 seconds

MD5 — collision attack demonstrated 2004 (Wang et al.). Practical chosen-prefix collisions 2009 (Stevens et al.). A rogue intermediate CA certificate was forged using MD5 collisions in 2008. Effectively broken for two decades.
SHA-1 — theoretical attacks since 2005. Real collision (the SHAttered PDF) produced 2017 by Google + CWI Amsterdam at a cost of ~$110k in cloud compute. Chosen-prefix collisions in 2020 at ~$45k. Officially deprecated by major CAs.
SHA-256 — no practical attacks. Best known weakness is theoretical: in 2024, researchers found differential characteristics in 31 of 64 rounds. The full algorithm remains secure with no plausible cryptanalytic path forward. Conservative estimate: 10-20 more years of safety, longer if quantum computers do not materialize at scale.
SHA-3 (not in this tool) — a completely different design (Keccak sponge construction) standardized in 2015 as a hedge against SHA-2 ever being broken. Use it if you need diversity in your cryptographic supply chain; SHA-256 is otherwise still the default for new systems.

The avalanche property, demonstrated

Type two near-identical inputs into the calculator above — hello and Hello, say — and compare the SHA-256 outputs. Despite the inputs differing by a single bit (the case of the first letter), the outputs share essentially nothing. About half of the 256 output bits flip with any single-bit input change. This is called the avalanche property and is the reason hashes work as fingerprints: even if you had a million similar inputs, you could not recognize which two were closely related from their digests alone.

Hash Generator

Results

Embed This

What people actually use hashes for

Picking the right algorithm

The mistake to never make: SHA-256 for passwords

Collision history, in 30 seconds

The avalanche property, demonstrated

Related Calculators

UUID Generator

HMAC Generator

Password Strength

You Might Also Need

Secure Random Generator

HMAC Generator

Password Generator

Recommended Reading

How Much Should You Tip? A Complete Tipping Guide

GPA Calculator: How to Calculate Your Grade Point Average