How to use the MD5 & SHA Hash Generator

Type or paste your text. The tool instantly computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes in real time. MD5 and SHA-1 are shown for legacy use (file integrity, ETag, cache keys) — never for security. SHA-256 and above are the modern standard.

Pourquoi cet outil est important

Hash functions turn any input into a fixed-length fingerprint. Webhook signatures use HMAC-SHA-256 to verify the payload came from the real source. Password storage uses bcrypt or Argon2 (which use SHA-256 internally). File integrity checks compare SHA-256 of a download against the published value. The tool gives you fast access to all common hashes for any of these tasks.

Cas d'utilisation courants

• Verifying a downloaded file matches the published SHA-256
• Computing ETag values for HTTP cache control
• Generating a stable cache key for a content fingerprint
• Debugging webhook signature verification (compute the expected HMAC)
• Comparing two strings for equality without storing them
• Generating idempotency keys for API calls

Why MD5 and SHA-1 are unsafe for security

MD5 was broken in 2004 — collisions can be generated in seconds. SHA-1 was broken in 2017 (Google\u2019s SHAttered project). Both are still acceptable for non-security uses (cache keys, ETags, file fingerprints where collision risk is acceptable) but should NEVER be used for password hashing, digital signatures, or any context where an attacker could exploit a collision.

Foire aux questions

Should I use this for password hashing?
No — use bcrypt or Argon2 directly. Raw SHA-256 of a password is far too fast to compute, making it brute-forceable in seconds.

Why are the hashes different lengths?
MD5 is 128 bit (32 hex chars), SHA-1 is 160 bit (40 hex chars), SHA-256 is 256 bit (64 hex chars), etc. Longer hashes are harder to collide and brute-force.

Can I get back the original from the hash?
No — hashes are one-way. The only way to “reverse” a hash is brute force or a precomputed table (rainbow table). Always salt before hashing if you don\u2019t want both.

Why does the same string give the same hash every time?
That\u2019s the point — hash functions are deterministic. Same input always produces the same output, which is how integrity checks work.