Hash Generator
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text using the Web Crypto API.
About Hashing
Hashing is a one-way function — you cannot reverse a hash to get the original text. SHA-256 and SHA-512 are cryptographically secure and widely used for checksums, password storage (with salting), and data integrity verification. This tool uses the browser-native Web Crypto API and no data leaves your browser.
Hashing runs entirely in your browser using the Web Crypto API. Your input text is never sent to CodeAva servers and is not stored between sessions. Hashing is a one-way operation — inputs cannot be recovered from a hash value.
Overview
A hash function takes an input of any length and produces a fixed-length output — the hash value, or digest — that is unique to that input. Even a single character difference in the input produces a completely different hash. This makes hashes useful for integrity checks: if two hash values match, the inputs are identical; if they differ, something changed.
This tool supports four SHA family algorithms: SHA-1 (160-bit, legacy), SHA-256 (256-bit, widely used), SHA-384 (384-bit), and SHA-512 (512-bit, highest output length). All four use the browser-native Web Crypto API, which means hashing happens locally on your device and no data is transmitted.
SHA-256 is the current general-purpose standard. SHA-512 produces a longer digest useful when collision resistance is a priority. SHA-1 is included for legacy compatibility — it is no longer considered cryptographically safe for new security applications, but it is still encountered in older systems and file integrity checks.
Use cases
When to use it
- Integrity verificationgenerate a hash of a file or string, share the hash, and let the recipient confirm the value matches after download or transfer.
- Checksum comparisoncompare expected vs actual hash values when debugging data pipelines, build systems, or deployment artifacts.
- Testing hashing workflowsconfirm that your application is producing the correct hash for a known input before integrating into code.
- API signature debuggingmanually compute HMAC-adjacent values or verify that a pre-computed hash matches what your server expects.
- Quick deduplication checkshash two strings to quickly confirm whether they are byte-for-byte identical.
When it's not enough
- Password storage without saltingnever store plain SHA hashes of passwords. Use a purpose-built slow hashing algorithm like bcrypt, scrypt, or Argon2 with a random salt instead.
- Encryption or data protectionhashing is not encryption. A hash cannot be reversed to recover the original input, but it also does not protect the input from being discovered — it only confirms identity.
- Security-sensitive SHA-1 usageSHA-1 has known collision vulnerabilities. Do not use it for digital signatures, certificates, or any new security-sensitive context.
How to use it
- 1
Enter your text
Type or paste the text you want to hash into the input field. Any input is accepted — a single character or a multi-line block.
- 2
Select algorithms
Toggle one or more algorithms — SHA-1, SHA-256, SHA-384, SHA-512. Multiple can be selected to compare outputs side by side.
- 3
Click Generate
The tool computes the hash(es) using the Web Crypto API in your browser. Results appear immediately below.
- 4
Copy the hash value
Use the copy button next to each result to copy the hex-encoded hash string to your clipboard.
- 5
Compare as needed
Paste or compare the hash value against an expected value to verify integrity. Even a one-character input difference will produce a completely different output.
Common errors and fixes
Hash does not match expected value
The most common cause is a whitespace difference: a trailing newline, a space, or different line endings (CRLF vs LF) between the two inputs. Hashing is exact — even invisible characters produce a different result. Strip trailing whitespace and normalise line endings before comparing.
Different tools produce different hashes for the same input
Check the encoding. Some tools hash the UTF-8 byte representation while others hash a different encoding. This tool uses TextEncoder (UTF-8). Also confirm both tools are using the same algorithm — SHA-256 and SHA-512 produce different digests for the same input.
Expecting to recover the original text from the hash
Hashing is a one-way function. There is no way to reverse a SHA hash to recover the original input. If you need reversible encoding, use Base64 instead — but be aware that Base64 is not secure, it is encoding not encryption.
Using SHA-1 for a new security application
SHA-1 is broken for collision resistance — two different inputs can be engineered to produce the same hash. Use SHA-256 or SHA-512 for any new security-sensitive use case.
Using any SHA hash alone for password storage
Fast hash algorithms like SHA-256 can be brute-forced against common passwords at billions of guesses per second on modern hardware. For password storage use bcrypt, scrypt, or Argon2 — they are intentionally slow and include per-password salts.