About the Hash Generator

A cryptographic hash function converts any input into a fixed-length string called a digest. The same input always produces the same hash, but changing even one character produces a completely different output. Hash functions are one-way: you cannot reverse a hash back to the original input, making them ideal for verifying data integrity and storing passwords.

Which algorithm should you use?

MD5 (128-bit) — fast but cryptographically broken. Use for checksums only, never for passwords or security.
SHA-1 (160-bit) — deprecated for security. Still found in legacy systems and Git object IDs.
SHA-256 (256-bit) — the current standard for TLS, code signing, and Bitcoin. Recommended for new applications.
SHA-512 (512-bit) — maximum collision resistance. Used in high-security contexts.

How to verify a file integrity hash

Download a file and the publisher's expected hash. Run sha256sum filename on Linux/Mac, or Get-FileHash filename in PowerShell. Compare the output character by character — if they match exactly, the file has not been tampered with.

Hashing in authentication systems

Modern authentication stores a salted hash of the password rather than the password itself. When a user logs in, the server hashes the provided password with the stored salt and compares the result to the stored hash — the plaintext password is never stored or transmitted. This means a database breach does not immediately expose user passwords, though weak passwords remain crackable via rainbow tables.

Salt — a random value added to each password before hashing; prevents identical passwords from having identical hashes
Pepper — a secret value stored server-side (not in the database) added to passwords; adds an extra layer
bcrypt — a purpose-built slow password hash with adjustable work factor; current best practice
PBKDF2 — key derivation function used in WPA2 passwords and many legacy authentication systems

Frequently Asked Questions

What is a cryptographic hash?

A hash is a fixed-length string produced by a one-way mathematical function. It is deterministic (same input always gives the same output) and practically irreversible. Common uses include verifying file integrity, storing passwords securely, and generating digital signatures.

What is the difference between MD5 and SHA-256?

MD5 produces a 128-bit hash and is cryptographically broken — deliberate collisions can be generated. SHA-256 produces a 256-bit hash with no known practical attacks. For any security-sensitive use, always choose SHA-256 or stronger.

Can I use this tool to hash passwords?

No. MD5 and SHA functions are too fast for password storage — attackers can test billions of guesses per second. Passwords should use purpose-built slow algorithms like bcrypt, scrypt, or Argon2, which are designed to resist brute-force attacks.

Why does hashing the same text always produce the same result?

Hash functions are deterministic by design. This property makes them useful for integrity verification: if a file produces the same hash before and after transmission, you know the file was not altered in transit.

How do I calculate a SHA-256 hash on the command line?

Linux/Mac: echo -n "your text" | sha256sum. Windows PowerShell:

Write-Host ([System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes("your text"))) -replace "-","")