tooloora

Hash Generator — SHA-256, SHA-512 & more, local

Generate SHA-1, SHA-256, SHA-384 and SHA-512 checksums of any text — computed in your browser, nothing uploaded.

Runs locally — nothing is uploaded

SHA-1
SHA-256
SHA-384
SHA-512

Runs locally in your browser — no upload.

Generate SHA hashes in your browser

Type or paste any text and get its SHA-1, SHA-256, SHA-384 and SHA-512 checksums at once, updating live as you type. Copy any digest with one click. Hashing uses your browser's built-in Web Crypto API, so nothing is uploaded, nothing is logged, and it works offline.

What is a hash and what is it for?

A hash function maps any input to a fixed-length digest. The same input always yields the same digest, and changing a single character changes the whole output — yet you can never run it backwards to recover the input. That makes hashes ideal for verifying integrity (does this download match the published checksum?) and for storing passwords without keeping the password itself.

Which algorithm should you use?

AlgorithmDigest lengthUse today?
SHA-1160-bit (40 hex)legacy only — broken since a practical collision in 2017
SHA-256256-bit (64 hex)recommended default
SHA-384384-bit (96 hex)higher-security contexts
SHA-512512-bit (128 hex)higher-security contexts

SHA-256 underpins TLS certificates, software signing, Git and Bitcoin. SHA-1 is shown for compatibility with older systems, but Google demonstrated a real SHA-1 collision ("SHAttered") in 2017, so it must not be used for security. MD5 is intentionally omitted — it's broken and the Web Crypto API doesn't provide it.

Hashing is one-way, not encryption

You cannot decode a hash back to the text — there is no "decrypt" here. Attackers can only guess candidate inputs and compare digests, which is why long, unique inputs (and salting for passwords) matter.

Private by default

Your text is hashed locally with your device's own resources; it never leaves the browser. That makes this safe for checking sensitive strings, and it keeps working without a network connection.

Frequently asked questions

What is a hash (checksum)?

A hash function turns any input into a fixed-length string of characters — the digest. The same input always gives the same digest, while the tiniest change produces a completely different one. Hashes are used to verify that a file or message hasn't changed and to store passwords safely.

Which algorithms are supported, and why no MD5?

SHA-1, SHA-256, SHA-384 and SHA-512, computed with the browser's built-in Web Crypto API. MD5 and SHA-1 are cryptographically broken for security use; SHA-256 or stronger is recommended. MD5 isn't offered because Web Crypto doesn't include it and it shouldn't be used for security.

Is my text uploaded to compute the hash?

No. Hashing runs entirely in your browser via the Web Crypto API. Your text never leaves your device — there's no server call, no logging, and it works offline.

Can I reverse a hash back to the original text?

No. Hashing is one-way by design: you cannot recover the input from the digest. Attackers can only guess inputs and compare, which is why long, unique inputs (and salting for passwords) matter.

Why is SHA-256 so widely used?

SHA-256 produces a 256-bit (64 hex character) digest and is the backbone of TLS certificates, software signing, Git and Bitcoin. It is fast, well-studied and has no known practical collisions, making it the sensible default today.

Related tools

Base64 Encode & Decode — local, UTF-8 safeEncode and decode Base64 (incl. URL-safe), UTF-8 correct, 100% in your browser.Password Generator — strong, random & localStrong random passwords with length, character classes and a strength meter.URL Encode & Decode — percent-encoding, localPercent-encode/decode URLs and query values (component or full URI), 100% local.