SHA Hash Generator
Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text, live, using your browser's native Web Crypto API. Nothing is uploaded. Last reviewed 2026-06-19.
- SHA-1
—Legacy / integrity only — cryptographically broken (collisions), not for security.- SHA-256
—The modern default for fingerprints, checksums and signatures.- SHA-384
—Truncated SHA-512; used in some TLS and certificate contexts.- SHA-512
—Largest SHA-2 digest; faster than SHA-256 on 64-bit CPUs.
What a hash is for
A cryptographic hash turns any input into a fixed-length fingerprint. The same input always produces the same digest, and even a one-character change produces a completely different one — which makes hashes ideal for verifying file integrity, comparing content, deduplication and digital signatures. Hashing is one-way: you cannot recover the original text from the hash.
Which algorithm should I use?
| Algorithm | Use |
|---|---|
| SHA-1 | Legacy / integrity only — cryptographically broken (collisions), not for security. |
| SHA-256 | The modern default for fingerprints, checksums and signatures. |
| SHA-384 | Truncated SHA-512; used in some TLS and certificate contexts. |
| SHA-512 | Largest SHA-2 digest; faster than SHA-256 on 64-bit CPUs. |
For anything security-sensitive, use SHA-256 or higher. SHA-1 and MD5 are cryptographically broken and must not be used to protect data. And remember: passwords need a salted, slow hash (bcrypt / scrypt / Argon2), never a plain SHA digest.
Frequently asked questions
- Is a hash the same as encryption?
- No. A cryptographic hash is one-way: it turns any input into a fixed-size fingerprint that cannot be reversed back into the original. Encryption is two-way (it can be decrypted with a key). Use hashing for integrity checks and fingerprints, not to "hide" recoverable data.
- Can I use this to store passwords?
- Not a plain SHA hash. Passwords must be stored with a slow, salted password-hashing function such as bcrypt, scrypt or Argon2 — never a bare SHA-256 or (worse) MD5. Fast hashes are designed to be fast, which is exactly what you do not want for passwords.
- Why is there no MD5 here?
- MD5 (and SHA-1) are cryptographically broken — practical collision attacks exist — so they should not be used for security. We focus on SHA-256 and above. SHA-1 is included only for legacy integrity comparison, clearly marked.
- Does my input leave the browser?
- No. Hashing uses your browser’s built-in Web Crypto API, so the text is processed locally and never uploaded. It also works offline once loaded.