Free text tools — updated for 2025 | All Text Tools

MD5 & SHA Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text. Also verify and compare hash strings.

Hash Generator

Hash algorithm comparison

AlgorithmOutputSecurityUse case
MD5128-bit / 32 hexBrokenChecksums, non-security use only
SHA-1160-bit / 40 hexDeprecatedLegacy systems; avoid for new work
SHA-256256-bit / 64 hexSecureSSL certs, JWT, API signatures
SHA-384384-bit / 96 hexSecureSubresource Integrity (SRI) tags
SHA-512512-bit / 128 hexVery securePassword hashing helper, high-security

Frequently Asked Questions

No — never use MD5 (or SHA-1, or raw SHA-256) to hash passwords. These are general-purpose hash functions designed to be fast, which makes them terrible for passwords — a GPU can compute billions of MD5 hashes per second, making brute-force trivial. For password storage, use bcrypt, scrypt, Argon2, or PBKDF2. These are deliberately slow, with configurable cost parameters to stay ahead of hardware advances.
Hashing is a one-way function — you can turn "hello" into a hash, but you cannot mathematically reverse the hash back to "hello." Encryption is two-way — encrypted data can be decrypted with the right key. Hashes are used to verify data integrity (did this file change?) or prove knowledge without revealing a secret (password comparison). Encryption is used when you need to recover the original data later.
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. A plain SHA-256 hash proves the data's integrity — but anyone can compute it. An HMAC-SHA256 also proves authenticity — only someone with the secret key could have generated it. This is how webhook signatures work (Stripe, GitHub, etc. sign their payloads with HMAC-SHA256 so you can verify the request came from them). Enter a key in the "HMAC key" field above to generate HMAC variants.