Paste two hash strings to verify they are identical. Useful for confirming file integrity after download, or checking password digests match.
What Is a Cryptographic Hash?
A hash function takes any input — text, a file, a password — and produces a fixed-length hexadecimal string called a digest. The same input always yields the same digest, but even a single character change flips roughly half the output bits (the avalanche effect). Hashes are one-way: you cannot reverse a digest to recover the original data.
| Algorithm | Output | Status | Common Use |
|---|---|---|---|
| MD5 | 128 bits / 32 hex | Deprecated for security | Checksums, non-critical verification |
| SHA-1 | 160 bits / 40 hex | Deprecated (SHAttered 2017) | Legacy systems, Git internals |
| SHA-256 | 256 bits / 64 hex | Current standard | TLS certs, Bitcoin, code signing |
| SHA-512 | 512 bits / 128 hex | Current standard | High-security digests, 64-bit optimised |
How to Use This Tool
Text Input — type or paste any string. With Live update checked, all four hashes refresh automatically as you type. Toggle Uppercase to switch hex case. Use Copy All to export all hashes as labelled text, or copy them individually.
File Hash — drag and drop any file onto the upload zone (or click to browse). The file is read using the browser’s FileReader API and hashed locally — it is never sent to a server. Ideal for verifying download integrity against a published checksum.
Compare Hashes — paste two digest strings to instantly determine if they match. The tool reports the exact character position of the first difference when they do not.
Privacy Notice
All hashing runs locally in your browser. SHA-1, SHA-256, and SHA-512 use the native Web Crypto API (SubtleCrypto). MD5 is implemented in pure JavaScript. No data leaves your device.
Encode or decode text with Base64, URL, HTML, and more → Universal Encoder/Decoder
Decode JWT tokens and inspect headers and claims → JWT Decoder