How to generate a hash online
jsonsql.dev generates cryptographic hashes instantly in your browser. No data is sent to any server — your text and files stay on your machine.
Enter your text — type or paste the text you want to hash into the input field. Hashes are computed in real-time as you type.
Or select a file — drag and drop a file or click "Select file" to hash the file contents. Supports any file type and size.
Copy the hash — all four hash algorithms (MD5, SHA-1, SHA-256, SHA-512) are computed simultaneously. Click Copy next to any hash to copy it.
Example
Input text:
Hello, World!Hash outputs:
MD5: 65a8e27d8879283831b664bd8b7f0ad4
SHA-1: 943a702d06f34599aee1f8da8ef9f7296031d699
SHA-256: dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f
SHA-512: 374d794a95cdcfd8b35993185fef9ba368f160d8daf432d08ba9f1ed1e5abe6cc69291e0fa2fe0006a52570ef18c19def4e617c33ce52ef0a6e5fbe318cb0387Supported hash algorithms
- MD5 — 128-bit hash, widely used for checksums. Not recommended for security purposes due to known collision vulnerabilities.
- SHA-1 — 160-bit hash. Deprecated for cryptographic use but still common for file integrity checks and git commit hashes.
- SHA-256 — 256-bit hash from the SHA-2 family. Industry standard for digital signatures, certificates, and blockchain.
- SHA-512 — 512-bit hash from the SHA-2 family. Provides maximum security and is faster than SHA-256 on 64-bit systems.
Features
- Generate MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously
- Real-time hashing as you type with debounce for performance
- Three output formats: hex lowercase, hex uppercase, and Base64
- File hashing via drag-and-drop or file picker
- Compare mode to verify a hash against all computed results
- Shows input size in bytes
- 100% client-side — no data is uploaded to any server
- Dark and light theme support
Hash Generator vs other tools
| Feature | jsonsql.dev | sha256.online | openssl (CLI) |
|---|---|---|---|
| Browser-based | Yes | Yes | No (CLI) |
| Client-side only | Yes | No (server) | Yes (local) |
| Multiple algorithms | MD5, SHA-1, SHA-256, SHA-512 | SHA-256 only | All |
| File hashing | Yes (drag-drop) | Some | Yes |
| Real-time hashing | Yes | On submit | N/A |
| Hash comparison | Yes | No | Manual |
| Output formats | Hex, uppercase, Base64 | Hex only | Hex, Base64 |
| Dark mode | Yes | No | N/A |
| No install needed | Yes | Yes | No |
What is a hash function
A cryptographic hash function produces a fixed-length fingerprint of any input data. Even changing a single character completely transforms the output — this is called the avalanche effect.
Hash functions have three essential properties:
- One-way — a hash function takes any input and produces a fixed-length output (called a digest or hash). You cannot reverse the process to recover the original input from the hash.
- Deterministic — the same input always produces exactly the same hash. Hashing "hello" with SHA-256 will produce the same 64-character hex string every time, on every machine.
- Avalanche effect — even the smallest change to the input (a single bit flip, adding a space, changing one letter) produces a completely different hash output. This makes it impossible to guess the input by looking at similar hashes.
These properties make hash functions essential building blocks in cryptography, data integrity verification, digital signatures, password storage, and content-addressable storage systems like Git.
Hash algorithm comparison
MD5 and SHA-1 are cryptographically broken — do not use them for security. SHA-256 is the minimum recommended hash for integrity verification and digital signatures.
| Property | MD5 | SHA-1 | SHA-256 | SHA-512 |
|---|---|---|---|---|
| Output length (bits) | 128 | 160 | 256 | 512 |
| Hex characters | 32 | 40 | 64 | 128 |
| Security status | Broken (collisions found in 2004) | Deprecated (SHAttered attack, 2017) | Secure | Secure |
| Speed (relative) | Fastest | Fast | Moderate | Faster than SHA-256 on 64-bit CPUs |
| Common use cases | Checksums, cache keys, non-security deduplication | Git commit hashes, legacy systems | TLS certificates, blockchain, digital signatures, file verification | High-security applications, HMAC, large-data integrity |
| Recommended for new projects | No (non-security only) | No | Yes | Yes |
Common use cases for hashing
Hashing is one of the most widely used operations in software engineering and security. Here are the most common real-world applications:
- File integrity verification — when you download software, the publisher provides a SHA-256 checksum. You hash the downloaded file and compare the result to verify no corruption or tampering occurred during transfer.
- Password storage — secure systems never store passwords in plaintext. Instead, they store the hash of the password combined with a unique salt. When you log in, the system hashes your input and compares it to the stored hash. For password hashing specifically, use specialized algorithms like bcrypt, scrypt, or Argon2 — they are intentionally slow to resist brute-force attacks.
- Data deduplication — storage systems hash file contents to detect duplicates. If two files produce the same hash, they are (almost certainly) identical, so only one copy needs to be stored.
- Digital signatures — rather than signing an entire document (which would be slow), the document is first hashed, and then the hash is signed with a private key. The recipient verifies the signature by hashing the document and checking the signed hash.
- Content-addressable storage — Git uses SHA-1 hashes to identify every object (commits, trees, blobs). Docker image layers are identified by their SHA-256 digest. This means the content itself determines its address.
- API request signing (HMAC) — HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function to authenticate API requests. AWS, Stripe, and most webhook providers use HMAC-SHA256 to sign requests.
Hashing in different programming languages
Here are code examples for generating a SHA-256 hash in popular languages and environments:
JavaScript (browser)
async function sha256(text) {
const data = new TextEncoder().encode(text);
const hash = await crypto.subtle.digest('SHA-256', data);
return Array.from(new Uint8Array(hash))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
}
await sha256('Hello, World!');
// "dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f"Node.js
const crypto = require('crypto');
const hash = crypto.createHash('sha256')
.update('Hello, World!')
.digest('hex');
// "dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f"Python
import hashlib
hash = hashlib.sha256(b'Hello, World!').hexdigest()
# "dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f"Command line (Linux/macOS)
echo -n "Hello, World!" | sha256sum
# dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f
# Or for a file:
sha256sum myfile.zipHash vs encryption vs encoding
Hashing is a one-way operation — you cannot recover the original input from a hash. This is fundamentally different from encryption (reversible with a key) and encoding (reversible without a key).
| Property | Hashing | Encryption | Encoding |
|---|---|---|---|
| Reversible? | No (one-way) | Yes (with key) | Yes (no key needed) |
| Output length | Fixed (e.g., 256 bits) | Variable (depends on input) | Variable (depends on input) |
| Purpose | Integrity, verification, fingerprinting | Confidentiality, protecting secrets | Data format conversion |
| Key required? | No | Yes (symmetric or asymmetric) | No |
| Security feature? | Yes | Yes | No |
| Examples | SHA-256, MD5, bcrypt | AES, RSA, ChaCha20 | Base64, URL encoding, UTF-8 |
| Same input = same output? | Yes (deterministic) | No (with IV/nonce) | Yes |
A common mistake is using encoding (like Base64) for security — Base64 is not encryption and provides zero confidentiality. Another common mistake is using general-purpose hash functions (like SHA-256) for password storage — use bcrypt or Argon2 instead, as they are designed to be slow and resistant to brute-force attacks.
Related tools
Frequently asked questions
What is the difference between MD5, SHA-1, SHA-256, and SHA-512?
They differ in output length and security level. MD5 produces a 128-bit hash (32 hex characters), SHA-1 produces 160-bit (40 hex characters), SHA-256 produces 256-bit (64 hex characters), and SHA-512 produces 512-bit (128 hex characters). SHA-256 and SHA-512 are currently considered secure for cryptographic use, while MD5 and SHA-1 have known vulnerabilities.
What is the difference between hashing and encryption?
Hashing is a one-way operation — you cannot recover the original input from a hash. Encryption is a two-way operation — encrypted data can be decrypted back to the original using a key. Hashing is used for integrity verification and password storage, while encryption is used to protect confidentiality of data.
Can two different inputs produce the same hash?
Yes, this is called a hash collision. Since hash functions map infinite possible inputs to a fixed-length output, collisions must theoretically exist. For secure algorithms like SHA-256, finding a collision is computationally infeasible (would take billions of years). For broken algorithms like MD5, collisions can be generated in seconds.
Why shouldn't I use MD5 or SHA-1 for security?
MD5 has been cryptographically broken since 2004 — attackers can generate collisions (two different inputs with the same hash) in seconds. SHA-1 was broken in 2017 with the SHAttered attack. Using these for digital signatures, certificate verification, or password hashing is dangerous because an attacker could forge valid-looking data. Use SHA-256 or SHA-512 instead.
What hash algorithm should I use?
For general-purpose integrity verification, use SHA-256 — it is the industry standard with excellent security and wide support. For password hashing, do not use SHA-256 directly; use bcrypt, scrypt, or Argon2, which are designed to be slow and memory-hard to resist brute-force attacks. SHA-512 is a good choice when you need extra security margin or when running on 64-bit systems where it can be faster than SHA-256.
How does password hashing work?
Secure password hashing combines the password with a unique random salt (to prevent rainbow table attacks), then applies a deliberately slow hash function like bcrypt or Argon2 thousands of times. When a user logs in, the system hashes the entered password with the same salt and compares the result. Even if the hash database is stolen, attackers cannot reverse the hashes to recover passwords.