Hash generator
Hash Generator
Hashes are one-way fingerprints — they are not encryption.
When to use what
- SHA-256/SHA-512 for checksums and content fingerprints.
- HMAC-SHA256 for message authentication (requires a secret).
- bcrypt for passwords (slow + salted).
MD5 warning
MD5 is fast and collision-prone. Use it only for non-security checksums (like file integrity in trusted workflows), not for passwords, signatures, or security decisions.
bcrypt notes
- Higher cost means slower hashing (better against brute force, but heavier for servers).
- Hashes include their salt, so the same password produces different hashes.
- Store only the bcrypt hash; verify with a password check routine.
How it works
Hashes your input with WebCrypto (SHA-1/256/384/512) or bcrypt (in-browser worker) and outputs in hex or Base64. Nothing leaves your device.
- Hashing is one-way; keep original data if you need to compare later.
- Use bcrypt for passwords, not SHA/MD5.
Quick examples
Toggle encoding to fit your workflow.
Mini FAQ
Why avoid MD5?
It has collisions; keep it for non-security checksums only.
Which SHA variant?
SHA-256 is standard; SHA-512 for longer digests.
How do I verify bcrypt?
Use bcrypt verify with the stored hash; rehash on login if cost increases.
Related tools