SHA-256 Hash Generator
Calculate a SHA-256 hash from text locally in your browser.
SHA-256
Hash
Cryptography
Hashing & Password Security
Generate hashes online with SHA-256, SHA-512, SHA-3, SHA-1, and MD5; create keyed HMAC values; and derive or verify password hashes with Argon2, bcrypt, and PBKDF2. All calculations run locally in your browser.
Hash Calculator
Pick an algorithm and compute the cryptographic hash of any text directly in your browser. Supports SHA-1, SHA-256, SHA-384, SHA-512.
Input
0 chars · 0 bytes
Try:
Hash
✓ Client-side processing only
✓ Input is not sent to server
Encoding Tools
HMAC Generator
Generate an HMAC from text with a secret key in your browser.
HMAC
HMAC-SHA256
Message authentication
SHA-1 Hash Generator
Calculate a SHA-1 hash from text locally in your browser.
SHA-1
Hash
Legacy
SHA-512 Hash Generator
Calculate a SHA-512 hash from text locally in your browser.
SHA-512
Hash
SHA-2
MD5 Hash Generator
Calculate an MD5 hash from text locally in your browser.
MD5
Hash
Checksum
SHA3-256 Hash Generator
Calculate a SHA3-256 hash from text locally in your browser.
SHA3-256
Keccak
Sponge
SHA3-512 Hash Generator
Calculate a SHA3-512 hash from text locally in your browser.
SHA3-512
Keccak
FIPS 202
BLAKE2b Hash Generator
Calculate a BLAKE2b hash from text locally in your browser.
BLAKE2b
Fast
Argon2
PBKDF2 Online - Key Derivation
Derive and verify PBKDF2-HMAC keys in your browser.
PBKDF2
KDF
Password hashing
PBKDF2-HMAC-SHA256
Key derivation
Password verifier
bcrypt Online - Password Hashing
Generate or verify bcrypt password hashes in your browser.
bcrypt
KDF
Password hashing
bcrypt generator
bcrypt verifier
Password hash verifier
Cost factor
Argon2 Online - Password Hashing
Generate or verify Argon2 password hashes in your browser.
Argon2
Argon2id
OWASP recommended
Password hashing
PHC format
Memory-hard KDF
CRC32 Online Calculator
Calculate a CRC32 checksum from text locally in your browser.
CRC32
Checksum
IEEE 802.3
Popular Tasks
Generate a SHA-256 hash → SHA-256
Calculate a 256-bit digest for text, integrity checks, identifiers, and modern application workflows.
SHA-256
Calculate an MD5 checksum → MD5
Reproduce legacy MD5 fingerprints for compatibility and non-security-critical data comparisons.
MD5
Create a keyed HMAC → HMAC
Authenticate API requests, webhook payloads, and messages with HMAC-SHA-256 or another supported SHA variant.
HMAC
Generate or verify an Argon2 hash → Argon2
Test memory-hard password hashing with configurable parameters and verify passwords against encoded hashes.
Argon2
Generate or verify a bcrypt hash → bcrypt
Create salted bcrypt password hashes with an adjustable cost factor or check an existing hash.
bcrypt
Derive a key with PBKDF2 → PBKDF2
Configure the salt, iterations, hash function, and key length, then derive or verify a password-based value.
PBKDF2
What is hashing?
Hashing transforms text into a fixed-length value called a hash, digest, fingerprint, or checksum. The same input and algorithm always produce the same output, while even a small change to the input normally produces a very different digest. This makes a hash calculator useful for comparing data, detecting accidental changes, building cache keys, and preparing values for cryptographic protocols.
A cryptographic hash is designed to work in one direction. It does not encrypt a message and does not contain a key that can be used to restore the original text. Instead of “decrypting” a hash, systems verify data by hashing a candidate value with the same settings and comparing the results.
Choose the right hash algorithm
Use SHA-256 as a strong general-purpose default for integrity checks, identifiers, and modern integrations. SHA-512 provides a longer 512-bit digest, while SHA-3 offers a modern design based on the Keccak construction. Choose the exact algorithm required by the system or published checksum you need to match.
MD5 and SHA-1 remain useful for legacy compatibility, non-adversarial checksums, and reproducing existing identifiers, but both have known collision weaknesses and should not be chosen for new security-sensitive designs. A matching digest only has meaning when the algorithm, input bytes, character encoding, capitalization, whitespace, and line endings are identical.
Hash, HMAC, and password hashing are different
A regular hash takes only the message as input. HMAC combines a message with a secret key, allowing two parties that share the key to detect changes and authenticate webhook payloads, API requests, and other signed messages. A plain SHA-256 digest cannot replace HMAC because anyone can calculate it.
Passwords need a deliberately slow, salted password hashing function rather than a fast general-purpose hash. Argon2id is memory-hard and suitable for modern password storage; bcrypt offers broad compatibility and an adjustable cost; PBKDF2 derives keys through repeated hashing and is useful where standards or platform support require it. These tools can generate test hashes and verify a password against an existing result.
How to use the online hashing tools
Open a hash generator, enter the text exactly as it should be processed, select an algorithm where available, and copy the hexadecimal result. To reproduce a checksum, preserve every space, newline, and character. For HMAC, also provide the shared secret and its format. For Argon2, bcrypt, or PBKDF2, configure the available salt and work-factor settings or switch to verification mode.
Calculations run locally in your browser, so the entered text, password, salt, and HMAC key are not sent to the server for processing. The tools are convenient for learning, development, interoperability checks, and debugging. For production credentials and signing secrets, use a reviewed server-side cryptographic library and your application’s secure secret-management workflow.
Often Used Together
Compare SHA-256 and SHA-512 output lengths and match the algorithm required by an integration.
Contrast an unkeyed SHA-256 digest with HMAC-SHA-256 authentication using a shared secret.
Compare memory-hard Argon2 password hashing with the widely supported bcrypt format and cost model.
FAQ
No. Hashing is a one-way transformation, not reversible encryption. A value can be tested by hashing the candidate with the same algorithm and settings, then comparing the resulting digest. Weak passwords may still be guessed through dictionary or brute-force attacks, which is why passwords need salts and slow password hashing functions.
Use SHA-256 as a practical default for new general-purpose integrity and fingerprinting tasks, unless a protocol requires SHA-512, SHA-3, or another specific algorithm. Use MD5 or SHA-1 only when compatibility requires them, not for collision-resistant security.
Cryptographic hash functions are designed so that a tiny input change produces a substantially different digest. Spaces, capitalization, punctuation, Unicode representation, and line endings all count as input and can change the result.
Encryption is reversible with the correct key and is used to keep data confidential. Hashing produces a one-way fingerprint for comparison or verification. HMAC adds a secret key to provide message authentication, but it still does not encrypt the message.
No. Fast general-purpose hashes make large-scale password guessing too cheap. Use a salted password hashing function such as Argon2id, bcrypt, or PBKDF2 with an appropriate work factor, and rely on a maintained authentication library in production.
A salt is a unique random value combined with a password before password hashing. It prevents identical passwords from producing identical stored results and makes precomputed attacks less useful. A salt normally does not need to be secret and is commonly stored alongside the encoded password hash.
HMAC uses a hash function and a shared secret to authenticate a message and detect modification. Common uses include webhook verification, API request signing, and message authentication. It is not the same as a plain checksum or a digital signature based on public-key cryptography.
No. The hashing, HMAC, and password-hashing calculations in this category run locally in your browser. Even so, avoid pasting live production passwords or secret keys into general-purpose tools; use your application’s trusted cryptographic libraries and secret-management process.