Hash Generator
Generate cryptographic hashes including SHA-1, SHA-256, SHA-384, and SHA-512 from text input.
Input Text
Input Stats
Characters
13
Bytes (UTF-8)
13
Generated Hashes
Click "Generate Hashes" to create hashes
Hash Comparison
SHA-1: 160 bits - Legacy, not recommended for security
SHA-256: 256 bits - Good for most applications
SHA-384: 384 bits - Higher security
SHA-512: 512 bits - Maximum security
Note: These hashes are generated client-side using the Web Crypto API. Your input is never sent to any server.
What Is a Hash Generator and How Does It Work?
A hash generator is a tool that takes any piece of text as input and produces a fixed-length string of hexadecimal characters — called a hash, digest, or fingerprint — using a deterministic mathematical algorithm. No matter how long or short your input is, the output is always the same length for a given algorithm. Even a tiny change to the input — swapping a single character, adjusting capitalization, or adding a space — produces an entirely different hash value. This property, known as the avalanche effect, is what makes cryptographic hash functions so useful for detecting alterations and verifying data integrity.
This hash generator uses the browser's built-in Web Crypto API (crypto.subtle.digest()) to compute SHA-1, SHA-256, SHA-384, and SHA-512 hashes entirely on your device. Your input text is encoded into UTF-8 bytes using TextEncoder, passed to the digest function, and the resulting raw byte buffer is converted to a human-readable hexadecimal string. Because all computation happens client-side, your text is never transmitted to any server — making this tool safe for hashing sensitive strings during development and testing.
In addition to the four SHA family algorithms, the tool computes a simple hash using a djb2-inspired polynomial rolling algorithm — the kind commonly used in hash tables and checksums. While this simple hash is not cryptographic, it demonstrates how non-cryptographic hash functions work and is useful for illustrating the difference in output length and security properties compared to the SHA family.
Hashing is foundational to modern computing: it secures passwords, ensures file integrity, powers digital signatures, underpins blockchain technology, and enables efficient data lookup in hash tables. Understanding how to generate and interpret hash values is an essential skill for developers, security professionals, and data engineers alike.
SHA Algorithms: SHA-1, SHA-256, SHA-384, and SHA-512 Explained
The Secure Hash Algorithm (SHA) family was developed by the United States National Security Agency (NSA) and standardized by the National Institute of Standards and Technology (NIST). Each algorithm in the family produces a different output length and offers a different level of security. The tool generates hashes for all four major variants so you can compare outputs side by side.
| Algorithm | Output Length | Hex Characters | Security Status | Common Use Cases |
|---|---|---|---|---|
| SHA-1 | 160 bits | 40 | Deprecated for security use | Legacy checksums, Git object IDs |
| SHA-256 | 256 bits | 64 | Secure, widely recommended | TLS certificates, code signing, blockchain |
| SHA-384 | 384 bits | 96 | Secure, higher collision resistance | High-security applications, government use |
| SHA-512 | 512 bits | 128 | Maximum security in SHA-2 family | File integrity, digital signatures, archival |
SHA-1 was widely deployed throughout the 1990s and 2000s but was officially deprecated by NIST in 2011 after theoretical collision attacks were demonstrated. In 2017, Google's Project Zero successfully produced a practical SHA-1 collision (the SHAttered attack), confirming that SHA-1 should no longer be used for any security-sensitive purpose. It is still used in non-security contexts such as Git object identifiers, but even Git is migrating toward SHA-256.
SHA-256 and SHA-512 belong to the SHA-2 family, introduced in 2001. Both remain cryptographically secure as of 2026. SHA-256 is the standard choice for most applications due to its excellent balance of security and performance. SHA-512 produces a larger digest and can actually be faster than SHA-256 on 64-bit processors due to architectural advantages in how it processes data blocks.
SHA Hash Hex Output Conversion
Where:
- hashBuffer= Raw ArrayBuffer returned by crypto.subtle.digest(algorithm, data)
- Uint8Array(hashBuffer)= Byte-by-byte view of the hash output buffer
- b.toString(16).padStart(2, "0")= Converts each byte (0–255) to a two-character lowercase hex string (00–ff)
- hashHex= Final concatenated hexadecimal string; length = (output bits / 4) characters
The Simple Hash: djb2-Inspired Non-Cryptographic Hashing
Alongside the cryptographic SHA algorithms, this tool also computes a simple hash using a polynomial rolling function similar to the djb2 algorithm popularized by Daniel J. Bernstein. The formula applied to each character is:
simpleHash = ((simpleHash << 5) - simpleHash) + charCode
This is equivalent to simpleHash = (simpleHash * 31) + charCode because left-shifting by 5 bits multiplies by 32, and subtracting the original value gives multiplication by 31. The expression simpleHash = simpleHash & simpleHash forces the value to stay within a 32-bit signed integer range using JavaScript's bitwise AND operation — effectively clamping to 32-bit signed integer overflow behavior. The final result is converted to its absolute value and formatted as an 8-character zero-padded hexadecimal string.
Non-cryptographic hash functions like this are designed for speed rather than security. They are used extensively in hash tables, data structures, caches, and distributed systems where fast lookup matters more than collision resistance. They are not suitable for security purposes: an attacker can easily construct two different inputs that produce the same output (a collision), and the output space of only 32 bits means there are at most ~4.3 billion distinct values — trivially exhausted by modern hardware.
Comparing the simple hash output against the SHA outputs in this tool vividly demonstrates the difference: SHA-256 produces 64 hex characters (256 bits), making a brute-force collision search astronomically harder, while the simple hash's 8 hex characters (32 bits) offer no practical security. Understanding this difference is important for any developer choosing between fast hashing for data structures versus secure hashing for integrity or authentication purposes.
Real-World Applications of Cryptographic Hashing
Cryptographic hash functions are among the most widely deployed primitives in modern computing. Understanding where and how they are used helps you apply them correctly in your own projects and appreciate the importance of algorithm selection.
Data integrity verification. When you download software, the provider often publishes a SHA-256 or SHA-512 checksum alongside the file. After downloading, you compute the hash of the received file and compare it to the published value. If they match, the file was not corrupted in transit or tampered with. Package managers like npm, apt, and Homebrew use SHA hashes internally to verify every package they install.
Digital signatures and certificates. TLS/SSL certificates — the foundation of HTTPS — rely on SHA-256 hashing as part of the signing process. A certificate authority signs a hash of the certificate data with its private key; browsers verify the signature using the authority's public key. The hash ensures that even a one-byte change to the certificate is detectable.
Password storage (with key derivation functions). While raw SHA hashes should not be used to store passwords directly (they are too fast, enabling brute-force attacks), they are components of proper password hashing schemes like PBKDF2, which applies HMAC-SHA256 thousands of times to make guessing computationally expensive. For password storage, prefer purpose-built functions like bcrypt or Argon2id.
Blockchain and distributed ledgers. Bitcoin and most other blockchains use SHA-256 to link blocks: each block header contains the SHA-256 hash of the previous block, making the chain tamper-evident. Changing any historical transaction would require recomputing every subsequent block's hash — an infeasible amount of work.
Content-addressable storage. Systems like Git use SHA hashes as object identifiers. Every commit, file, and directory tree in a Git repository is identified by its SHA hash. This means two repositories with identical content will have identical object hashes, enabling efficient deduplication and distributed consistency without central coordination.
Message authentication codes (HMAC). HMAC combines a secret key with a hash function to produce a tag that proves both data integrity and authenticity. HMAC-SHA256 is used extensively in API authentication (including AWS request signing and JSON Web Tokens), where the shared secret ensures only authorized parties can generate valid tags.
Key Properties of Cryptographic Hash Functions
A cryptographic hash function must satisfy several rigorous mathematical properties to be considered secure. Understanding these properties helps you reason about what hashing can and cannot guarantee in your applications.
Determinism. The same input always produces exactly the same output. This is what makes hash-based verification possible: if you hash the same file twice under the same algorithm, you will always get the same digest. This tool demonstrates determinism by producing consistent SHA outputs every time you hash the same text.
Preimage resistance (one-way property). Given a hash output h, it should be computationally infeasible to find any input m such that hash(m) = h. This property is what makes cryptographic hashes useful for commitment schemes and integrity checks — knowing the hash does not reveal the original data.
Second preimage resistance. Given an input m1 and its hash, it should be infeasible to find a different input m2 such that hash(m1) = hash(m2). This protects against targeted substitution attacks where an attacker wants to replace a specific piece of data with something that produces the same hash.
Collision resistance. It should be computationally infeasible to find any two distinct inputs m1 and m2 such that hash(m1) = hash(m2). The birthday paradox tells us that for a hash with n-bit output, a collision can theoretically be found in approximately 2n/2 operations. For SHA-256, that is 2128 operations — far beyond any conceivable attack.
Avalanche effect. A single-bit change in the input should change approximately half the bits in the output, making it impossible to predict how output changes based on small input changes. Try hashing "Hello" and "hello" with this tool — the outputs will be completely different despite only a single character case change.
Fixed output length. Regardless of whether the input is 1 character or 1 gigabyte, SHA-256 always produces exactly 256 bits (64 hex characters). This property enables efficient storage, comparison, and transmission of hash values independent of the original data size.
Choosing the Right Hash Algorithm for Your Use Case
With multiple SHA algorithms available, selecting the right one depends on your security requirements, performance constraints, and compatibility needs. The following guidance applies to the algorithms supported by this hash generator tool.
Use SHA-256 as your default. SHA-256 is the most widely supported, well-audited, and broadly recommended algorithm in the SHA-2 family. It is required by numerous standards including TLS 1.3, the FIPS 140-3 certification framework, and most modern API specifications. If you are unsure which algorithm to choose, SHA-256 is the correct answer for general-purpose cryptographic hashing in 2026.
Use SHA-512 for high-security applications or 64-bit optimization. SHA-512 is part of the SHA-2 family and produces a 512-bit digest. On 64-bit processors, SHA-512 can actually be faster than SHA-256 because it processes 1024-bit blocks in 64-bit word operations rather than 512-bit blocks. If you are building a system that requires a larger security margin or benefits from 64-bit arithmetic, SHA-512 is a strong choice.
Use SHA-384 when standards require it. SHA-384 is derived from SHA-512 (it is SHA-512 truncated to 384 bits with a different initialization vector) and is required by certain government and financial industry standards. It offers slightly more security than SHA-256 with lower overhead than full SHA-512. Use it when compliance requirements specify it explicitly.
Avoid SHA-1 for any new security applications. SHA-1 has been broken for collision resistance since the SHAttered attack in 2017 and was deprecated by NIST years earlier. It remains in this tool for educational purposes and compatibility testing only. Never use SHA-1 for digital signatures, certificate verification, or any scenario where collision resistance matters.
Never use raw SHA for password storage. SHA algorithms are designed to be fast — a modern GPU can compute billions of SHA-256 hashes per second. This makes them completely unsuitable for direct password hashing. Use bcrypt (cost ≥ 10), Argon2id, or PBKDF2 (≥ 600,000 iterations) instead. These purpose-built password hashing functions are deliberately slow and memory-intensive, making brute-force attacks infeasible.
Worked Examples
Hashing "Hello, World!" with SHA-256
Problem:
Generate the SHA-256 hash of the string "Hello, World!" and understand the process the tool uses.
Solution Steps:
- 1Encode the input string to UTF-8 bytes using TextEncoder: "Hello, World!" becomes 13 bytes (ASCII characters map 1-to-1 to UTF-8 bytes).
- 2Pass the byte array to crypto.subtle.digest("SHA-256", data). The Web Crypto API runs the SHA-256 compression function on the padded 512-bit input block.
- 3The SHA-256 digest produces a 32-byte (256-bit) raw output buffer (ArrayBuffer).
- 4Convert the ArrayBuffer to a Uint8Array, then map each byte to its two-character lowercase hex representation: byte 0xDF → "df", byte 0xFD → "fd", etc.
- 5Join all 32 two-character hex strings to produce the 64-character final output.
Result:
SHA-256("Hello, World!") = dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986d (64 hex characters = 256 bits)
Comparing Output Lengths Across All Algorithms
Problem:
Hash the single-character string "A" with all supported algorithms to observe how output length varies while input stays constant.
Solution Steps:
- 1Input: "A" (1 character, 1 UTF-8 byte, decimal value 65).
- 2SHA-1 output: 6dcd4ce23d88e2ee9568ba546c007c63d9131c1b — 40 hex characters = 160 bits.
- 3SHA-256 output: 559aead08264d5795d3909718cdd05abd49572e84fe55590eef31d9f3a2d09e4 — 64 hex characters = 256 bits.
- 4SHA-384 output: 72cdc864afb8698ded9d748fc68a2d5af1e1e7df3c80ae68f9fccf7e571c44c3d7b4d1b5ae9a7b6bb5f5cbcf6c6b66b71 — 96 hex characters = 384 bits.
- 5SHA-512 output: 21b4f4bd9e64ed355c3eb676a28ebedaf6d8f17bdc365995b319097153044080516bd083bfcce66121a3072646994c8430cc382b8dc543e84880183bf856cff5 — 128 hex characters = 512 bits.
Result:
All algorithms produce completely different output lengths (40/64/96/128 hex characters) from the same 1-byte input, demonstrating fixed output length independent of input size.
Demonstrating the Avalanche Effect
Problem:
Hash "password" and "Password" (capitalizing the first letter) with SHA-256 to show how a single-bit change produces a completely different hash.
Solution Steps:
- 1Input 1: "password" — 8 bytes, all lowercase.
- 2SHA-256("password") = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
- 3Input 2: "Password" — 8 bytes, first character changed from lowercase "p" (0x70) to uppercase "P" (0x50), a single-bit difference in the 6th bit of the first byte.
- 4SHA-256("Password") = 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb5b1ef26ce3a8f05ec
- 5Compare the two outputs: they share zero recognizable pattern. Approximately 50% of the output bits changed despite only 1 bit changing in the input — the hallmark of the SHA-256 avalanche effect.
Result:
Changing one character (one bit) in the input completely changes the SHA-256 output, confirming that hash outputs cannot be predicted from partial input knowledge.
Computing the Simple Hash for "Hello"
Problem:
Trace through the djb2-inspired simple hash algorithm the tool uses for the input "Hello" to understand how the 8-character hex output is derived.
Solution Steps:
- 1Initialize simpleHash = 0. Process each character of "Hello" (char codes: H=72, e=101, l=108, l=108, o=111).
- 2After "H": simpleHash = ((0 << 5) - 0) + 72 = 72.
- 3After "e": simpleHash = ((72 << 5) - 72) + 101 = (2304 - 72) + 101 = 2333.
- 4After "l": simpleHash = ((2333 << 5) - 2333) + 108 = (74656 - 2333) + 108 = 72431.
- 5After "l": simpleHash = ((72431 << 5) - 72431) + 108 = (2317792 - 72431) + 108 = 2245469.
- 6After "o": simpleHash = ((2245469 << 5) - 2245469) + 111 = (71854208 - 2245469) + 111 = 69608850.
- 7Result: Math.abs(69608850).toString(16).padStart(8, "0") = "042655d2" (8 hex characters).
Result:
Simple Hash("Hello") ≈ "042655d2" — an 8-character hex string (32-bit value), illustrating the compact but non-secure nature of non-cryptographic hash functions.
Tips & Best Practices
- ✓Use SHA-256 as your default algorithm for new projects — it is the most broadly supported and recommended hash in the SHA-2 family.
- ✓Never use raw SHA hashes to store passwords; always use a purpose-built slow hashing function like bcrypt or Argon2id.
- ✓The bit count displayed next to each hash equals the hex character count multiplied by 4 — each hex digit encodes exactly 4 bits.
- ✓SHA-1 is deprecated for security use since the 2017 SHAttered collision attack — use it only for legacy compatibility and never for certificates or signatures.
- ✓Test the avalanche effect: change one character in your input and observe how completely different the hash output becomes.
- ✓For verifying downloaded files, compare the SHA-256 or SHA-512 hash the publisher provides against the hash you compute locally — any mismatch indicates tampering or corruption.
- ✓On 64-bit processors, SHA-512 can actually be faster than SHA-256 for large inputs because it uses 64-bit word operations on larger 1024-bit blocks.
- ✓HMAC (Hash-based Message Authentication Code) extends SHA hashing with a secret key for API authentication — use HMAC-SHA256 for signing API requests and JWT tokens.
Frequently Asked Questions
Sources & References
Last updated: 2026-06-05
Help us improve!
How would you rate the Hash Generator?
Editorial Note
MyCalcBuddy Editorial Team
This page is maintained as an educational calculator reference.
Formula Source: Standard Mathematical References
by Various