Hash Generator, SHA-256 SHA-512
Compute SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text using the browser Web Crypto API.
In your browser—your files never leave your device.
Learn moreAbout this tool
A cryptographic hash takes any input and produces a fixed-length string that changes wildly if the input changes by one bit and is impossible to reverse in any practical sense. SHA-2 (the family that includes SHA-256, SHA-384, and SHA-512) is the modern default for everything from file checksums to commit hashes to API request signatures. SHA-1 still exists in the wild — Git uses it for object IDs, plenty of legacy systems use it for checksums — but it has been cryptographically broken for collision resistance since 2017 (the SHAttered attack from CWI Amsterdam and Google), so it is fine for non-security uses and wrong for anything where forging matters. This tool runs SubtleCrypto.digest in your browser and outputs hex strings identical to what Python hashlib, Node crypto.createHash, or any standards-compliant library produces.
How to hash generator, sha-256 sha-512
-
Type or paste your input
Any text, any length. Empty input shows blank hashes; one character produces 40/64/96/128 hex characters respectively. The input is treated as a UTF-8 byte string, which matches what hashlib and crypto.createHash do by default in their respective languages.
-
Read all four hashes
The page shows SHA-1, SHA-256, SHA-384, and SHA-512 side by side, recomputing as you edit the input. Pick whichever your use case demands. For verification against a published hash, the algorithm is usually specified next to the hash value (e.g. "sha256: abc123...").
-
Copy the one you need
Each hash has its own copy button. Click and the hex string lands on your clipboard. The copy includes only the hash, not the algorithm label, so you can paste it directly into a comparison check.
-
Compare
Paste the computed hash into your verification target — a checksum file, a signed-URL parameter, an audit log — and confirm it matches. If you are doing this for download verification, the standard is to compare visually or with a single-line diff (diff <(echo "$expected") <(echo "$actual") in bash).
Features
Four algorithms in parallel
SHA-1, SHA-256, SHA-384, SHA-512 all compute on the same input and display together. No need to pick first. Useful when you are not sure which one the spec needs, or when you want to compare lengths (SHA-1 is 40 hex chars, SHA-256 is 64, SHA-384 is 96, SHA-512 is 128). The parallel computation costs almost nothing extra because SubtleCrypto is highly optimized; you get all four for the price of one.
Web Crypto API under the hood
SubtleCrypto.digest is a browser-native primitive — same code path Node's crypto module uses on the server, same underlying implementation as OpenSSL on most platforms. Output is identical hex-for-hex with hashlib.sha256(input.encode()).hexdigest() in Python, crypto.createHash("sha256").update(input).digest("hex") in Node, and equivalent calls in Go, Rust, or Java. No "JavaScript-flavored" hash — these are the real, standards-compliant outputs that interoperate with every backend.
Live computation with debounce
Hashes update as you type with a tiny debounce so the page does not stutter on long inputs. Drop in a few hundred KB of text and the hash appears in milliseconds. Empty input shows blank hashes; one character of input produces a full 40-char SHA-1 and 64/96/128-char SHA-2 hashes that all change completely when you add or remove a single byte. That avalanche property is the whole point of cryptographic hashing.
Local-only execution
crypto.subtle.digest runs in the browser. Your input is not transmitted. This matters because the most common reason to hash a string in a tool is to compare it against a known hash without revealing the original — typing a password or a secret into a server-side hash tool would be exactly the wrong move because the server then sees the secret directly. Open DevTools, watch the Network tab, hash anything, and confirm no outbound requests.
Privacy & security
SubtleCrypto.digest runs in the browser using the same FIPS 180-4 implementation OpenSSL ships on most platforms. Your input string is converted to UTF-8 bytes by TextEncoder, the digest is computed in your tab, and the hex output is rendered into the DOM. Hashing is one of those operations where running it remotely defeats the point: the most common reason to hash a string is to derive a verifier without exposing the original secret, and pasting that secret into a server-side tool would directly contradict the goal.