TOOLS / HASH GENERATOR
Hash Generator
Compute MD5 / SHA-1 / SHA-256 / SHA-384 / SHA-512 from text or a file. Runs entirely in your browser — input never leaves your device.
Or (max 100 MB)
What it does
Hashing is the foundation of cryptographic integrity. The same input always produces the same hash; a single byte change produces a completely different one. Our hash generator computes five algorithms simultaneously: MD5, SHA-1, SHA-256, SHA-384, SHA-512. Everything runs in your browser via the WebCrypto API; nothing is uploaded. Drop in a file up to 100 MB and the hash is computed locally without ever leaving your machine.
How to use it
- Type text into the textarea — hashes update on every keystroke.
- Or upload a file — the hash is computed locally as you select it.
- Click any hash row to copy it to your clipboard.
- Compare with a vendor-provided hash to verify download integrity.
- For malware sample triage, paste the hash into our Hash Reputation tool.
Common use cases
Download integrity verification
When a vendor publishes a checksum next to a download (Linux ISOs, software installers), compute the hash of your downloaded copy and compare.
Sample fingerprinting
In incident response, you need a stable identifier for an artifact — SHA-256 is the universal one.
Password salting research
Test how MD5 vs Argon2 behave on known wordlists (for understanding, not crackiing your users’ passwords).
Git troubleshooting
Verify SHA-1 hashes of git objects when investigating repository corruption.
Frequently asked questions
Which algorithm should I use? +
For new code: SHA-256 (universal) or SHA-512 (faster on 64-bit CPUs). For interop with legacy systems: MD5 or SHA-1 still work for non-security identifiers. Never use MD5/SHA-1 for password hashing or signature verification.
Is MD5 safe? +
For non-security identifiers (file dedupe, checksums), yes. For security (passwords, signatures), NO — MD5 is cryptographically broken (collisions can be found in seconds).
Where is my data sent? +
Nowhere. WebCrypto runs entirely in your browser. Check your DevTools Network tab — zero outbound requests when you compute a hash.
Can I hash multiple files? +
Not in bulk via this UI. Drop one file at a time. For batch hashing, use sha256sum (Unix) or Get-FileHash (PowerShell).
Max file size? +
100 MB. WebCrypto can handle larger but browser memory becomes the constraint.
Related tools
Hash Reputation Checker
MalwareBazaar + VirusTotal cross-check. Drag a file in — hashed locally in your browser.
Encoder / Decoder
Base64, hex, URL, HTML, ROT13, binary — converted live as you type. All in your browser.
JWT Decoder
Decode header + payload locally. Flags alg=none, expired tokens, weak algorithms. Never sent to a server.
Related coverage on Ciphers Security
- MacSync Stealer: Hackers Abuse Google Ads and Claude.ai Chats to Push Mac Malware
- Twelve Critical vm2 Node.js Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
- Dirty Frag: Public Root Exploit Hits All Major Linux Distros, Partial Patch Only
- CVE-2025-68670: Critical Pre-Auth RCE in xrdp Exposes Linux Remote Desktop Servers
- PyPI Malware Campaign Abuses Zulip Chat API as Command-and-Control Channel
Free for everyone, no signup required. Tool runs at /tools/hash-generator/ — bookmark or share.