Hash Generator
Generate MD5, SHA-1, SHA-2 (224/256/384/512), and SHA-3 digests of any text, and create or verify bcrypt hashes — entirely in your browser.
About this tool
Type or paste text to get its digest under every common algorithm at once: MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, and SHA-3 (256/512). Useful for checksums, cache keys, comparing values against what a database or API returns, and quickly answering "which algorithm produced this hash?" by matching lengths.
The Bcrypt tab generates password hashes with a selectable cost factor and verifies a password against an existing hash — handy for seeding test fixtures or checking what a stored $2b$ hash corresponds to. Everything runs locally; neither text nor passwords leave your browser.
Frequently asked questions
Are MD5 and SHA-1 safe to use?+
Not for security: practical collision attacks exist for both, which is why they are marked legacy here. They remain fine for non-adversarial uses like checksums, cache keys, and deduplication. For anything security-related use SHA-256 or stronger, and for passwords use bcrypt or argon2.
Why is my hash different from echo | md5sum on my machine?+
echo appends a trailing newline, so you are hashing a different string — use echo -n (or printf). Encoding matters too: this tool hashes the UTF-8 bytes of your text, which matches most modern languages' defaults.
Can a hash be reversed to get the original text?+
No — hashing is one-way. But short or common inputs can be found by brute force or lookup tables, which is exactly why passwords need a slow, salted algorithm like bcrypt rather than a bare SHA-256.
Why does bcrypt give a different hash for the same password every time?+
Each hash embeds a random salt, so two hashes of the same password differ — that is by design. Verification works because the salt is stored inside the hash itself ($2b$10$<salt><digest>). Use the Verify section to check a password against a hash instead of comparing strings.
What cost factor should I use for bcrypt?+
The cost is exponential: each +1 doubles the work. 10 is a common default; 12 is a reasonable choice for new systems if your servers can absorb ~250ms per login. Pick the highest value your latency budget tolerates.