sprytools

Hash Generator

Generate cryptographic hashes (SHA-256, SHA-512, SHA-1, MD5) from text or files instantly in your browser. Compare hashes, toggle case, and verify file integrity — 100% client-side, no data sent to any server.

Compare hashes

Did we solve your problem today?

What Is a Cryptographic Hash?

A cryptographic hash function takes any input — a text string, a file, a password — and produces a fixed-length string called a digest or hash. Even a tiny change in the input produces a completely different hash (the avalanche effect). Hashes are one-way: you cannot reconstruct the original data from the hash alone.

Supported Algorithms

AlgorithmOutput LengthStatusCommon Use
SHA-25664 hex chars (256 bits)Secure ✓Code signing, TLS, passwords
SHA-512128 hex chars (512 bits)Secure ✓High-security checksums
SHA-140 hex chars (160 bits)DeprecatedLegacy compatibility
MD532 hex chars (128 bits)BrokenNon-security file checksums

How This Tool Works

SHA-1, SHA-256, and SHA-512 use the browser’s built-in Web Crypto API (crypto.subtle.digest()). MD5 is computed via a pure-JavaScript implementation because browsers removed MD5 from SubtleCrypto due to known collision vulnerabilities.

All computation runs locally — no data is ever sent to a server.

Verifying File Integrity

When you download software, the provider often publishes a checksum. To verify:

  1. Select the downloaded file using the File tab
  2. Choose the algorithm matching the published checksum (usually SHA-256)
  3. Paste the expected hash into the Compare field
  4. A green match confirms the file is unmodified

Hash Comparison

The Compare field accepts hashes in any case (uppercase or lowercase) — comparison is case-insensitive. Leading and trailing whitespace is automatically trimmed.

When to Use Each Algorithm

SHA-256 — the modern standard. Use for file integrity, digital signatures, and any new implementation.

SHA-512 — larger digest, slightly higher security margin. Preferred in high-security contexts and is faster than SHA-256 on some 64-bit CPUs.

SHA-1 — still found in older software and legacy systems. Do not use for new security-sensitive work; collision attacks are practical.

MD5 — widely used for quick file checksums where security is not the goal. Never use for passwords, authentication, or digital signatures.

Privacy

This tool makes zero network requests. Open your browser’s Developer Tools → Network tab and hash something — you will see no outgoing connections. Your input never leaves your device.

FAQ

Which hash algorithm should I use?

For security-sensitive uses, SHA-256 or SHA-512 are recommended — they are part of the SHA-2 family and considered cryptographically secure. SHA-1 is deprecated for security purposes but still used for checksums. MD5 is broken for security (collision attacks exist) but remains common for non-security file integrity checks.

Is my file or text uploaded anywhere?

No. All hashing happens entirely in your browser using the Web Crypto API (SHA-*) and a pure-JavaScript MD5 implementation. No data ever leaves your device. You can verify this in your browser's developer tools Network tab — there are zero outgoing requests.

How do I verify a file download with a hash?

Download the file, then select it using the File tab. The tool computes its hash locally. Paste the hash provided by the software publisher into the Compare field — if the hashes match, the file is intact and unmodified.

Why is MD5 not computed by the browser's built-in crypto API?

MD5 was removed from browser SubtleCrypto implementations because it is no longer considered cryptographically secure. This tool provides MD5 via a pure-JavaScript fallback for legacy compatibility (e.g., verifying older checksums), not for security use.

What is the difference between SHA-256 and SHA-512?

SHA-256 produces a 256-bit (64 hex character) digest; SHA-512 produces a 512-bit (128 hex character) digest. SHA-512 offers a larger security margin and may be faster on 64-bit processors. For most practical purposes, SHA-256 is sufficient.