WebToolsBox
Back to Blog
Security6 min read·February 28, 2026

Hash Generator Guide: MD5, SHA-1, SHA-256, and SHA-512 Explained

Learn about cryptographic hash functions — MD5, SHA-1, SHA-256, and SHA-512. Understand when to use each hash type and generate hashes online for free.

What Is a Hash Function?

A hash function takes any input (text, file, password) and produces a fixed-size string of characters called a hash or digest. The key properties:

  • Deterministic — the same input always produces the same hash
  • One-way — you cannot reverse a hash to get the original input
  • Unique — different inputs produce different hashes (ideally)
  • Fixed-length — the output is always the same length regardless of input size

Common Hash Algorithms

MD5 (Message Digest 5)

  • Output: 128-bit (32 hex characters)
  • Example: 5d41402abc4b2a76b9719d911017c592 (hash of "hello")
  • Speed: Very fast
  • Security: Broken — do NOT use for security purposes
  • Use for: File checksums, non-security cache keys

SHA-1 (Secure Hash Algorithm 1)

  • Output: 160-bit (40 hex characters)
  • Example: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d (hash of "hello")
  • Speed: Fast
  • Security: Deprecated — collision attacks exist
  • Use for: Legacy systems, git commit hashes

SHA-256 (SHA-2 family)

  • Output: 256-bit (64 hex characters)
  • Example: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
  • Speed: Moderate
  • Security: Strong — current industry standard
  • Use for: Password hashing, digital signatures, blockchain, data integrity

SHA-512 (SHA-2 family)

  • Output: 512-bit (128 hex characters)
  • Speed: Slightly slower than SHA-256
  • Security: Very strong
  • Use for: High-security applications, when maximum security is needed

When to Use Each Hash

Use CaseRecommended Hash

Password storageSHA-256 + salt (or bcrypt/argon2)
File integrity checksSHA-256
Digital signaturesSHA-256 or SHA-512
Cache keysMD5 (speed matters, security doesn't)
Git commitsSHA-1 (by convention)
BlockchainSHA-256
API request signingSHA-256

How Hashing Works in Practice

Password Storage

Never store passwords in plain text. Instead:

  • User creates password: "MyP@ssw0rd"
  • Generate a random salt: "x7k2m9"
  • Hash the combination: SHA-256("x7k2m9" + "MyP@ssw0rd")
  • Store the salt and hash in the database
  • On login, repeat the process and compare hashes

    • File Integrity Verification

    When downloading software:

  • Publisher provides SHA-256 hash of the file
  • You download the file
  • Generate SHA-256 hash of your downloaded file
  • Compare the hashes — if they match, the file is unmodified

    • API Security

    Many APIs use hash-based message authentication (HMAC):

  • Combine the request data with a secret key
  • Generate a SHA-256 hash
  • Include the hash in the request header
  • Server verifies by generating the same hash

    • Hash Collisions

    A collision occurs when two different inputs produce the same hash. This is a critical security issue:

    • MD5 — collisions can be generated in seconds. Never use for security.
    • SHA-1 — collisions demonstrated in 2017 (SHAttered attack). Deprecated.
    • SHA-256 — no known collisions. Considered secure.
    • SHA-512 — no known collisions. Highest security.

    Generate Hashes Online

    Use our free Hash Generator to create MD5, SHA-1, SHA-256, and SHA-512 hashes instantly. All processing happens in your browser — your data is never sent to any server.

    Try it with any text, compare different algorithms side by side, and verify file integrity — all free, all private.

    #hash generator#md5#sha256#cryptographic hash#data integrity

    Try Our Free Online Tools

    100+ free tools for developers, designers, and everyone. No sign-up required.

    Browse All Tools