Free Hash Generator Online

What Is a Hash Generator? How Cryptographic Hashing Works

A hash generator is a tool that applies a mathematical algorithm — called a hash function — to any input text and produces a fixed-length output called a hash digest or checksum. Feed the same input into the same hash algorithm and you always get the same output. Change even a single character of the input and the output changes completely. This avalanche effect is what makes hashing so useful in software development, security, and data integrity verification.

Hash functions are one-way: you cannot reconstruct the original input from the hash digest alone. This is different from encryption, which is designed to be reversed with the correct key. Hashing is used wherever you need to verify data without storing or transmitting the original — passwords, file integrity checks, digital signatures, and API authentication are the four most common applications.

MD5 Hash Generator — Fast Checksum, Broken for Security

MD5 remains the most searched hash algorithm online because of its decades of legacy use. The MD5 hash generator produces a 128-bit (32 hex character) digest from any input. While extremely fast, MD5 is cryptographically broken — collision attacks have been demonstrated since 2004, meaning two different inputs can produce the same MD5 hash. Never use MD5 for password storage, digital signatures, or certificate fingerprints.

Where MD5 is still acceptable in 2026: verifying downloaded file integrity against a published MD5 checksum (where the attacker cannot substitute both the file and checksum), deduplicating large datasets, legacy database systems where migration is impractical, and generating non-security identifiers such as cache keys or ETags.

The MD hash generator family on this page also includes MD2 (1989, fully deprecated), MD4 (1990, broken by 1995, basis for NTLM), MD6-128/256/512 (2008 SHA-3 competition candidate by Ron Rivest — experimental, not standardized for production).

SHA-256 Hash Generator — The Gold Standard

SHA-256 is the most widely deployed cryptographic hash function in active use. It belongs to the SHA-2 family standardized by NIST and produces a 256-bit (64 hex character) digest. SHA-256 is used in Bitcoin mining proof-of-work, TLS/HTTPS certificate chains, code signing, file integrity verification, JWT signatures, and HMAC-SHA-256 API authentication.

This free online SHA-256 hash generator computes SHA-256 digests using the browser's native Web Crypto API (crypto.subtle.digest), which is hardware-accelerated on modern CPUs. You get the same output as OpenSSL, Python's hashlib.sha256, or the sha256sum command-line tool.

SHA-1 Hash Generator

SHA-1 produces a 160-bit (40 hex character) digest. It was the most-used hash function from the mid-1990s until the mid-2010s, powering TLS certificates, SSH fingerprints, and Git commit IDs. NIST deprecated SHA-1 for digital signatures in 2011, and practical collision attacks were demonstrated by Google's SHAttered project in 2017. Git has since moved toward SHA-256 for new repositories. Use SHA-256 or SHA-3 for new designs.

SHA-512 Hash Generator

SHA-512 produces a 512-bit (128 hex character) digest. On 64-bit hardware it is often faster than SHA-256 because modern CPUs can process 64-bit operations more efficiently. SHA-512 is the preferred choice when maximum collision resistance is needed, for long-term archival integrity, or when designing HMAC keys for high-security APIs. SHA-384 and SHA-512/256 are truncated variants also supported in this tool.

SHA-3 Hash Generator — Keccak & FIPS 202

SHA-3 (also known as Keccak) is a completely different algorithm family from SHA-1 and SHA-2, standardized by NIST in FIPS 202 (2015). It uses a sponge construction rather than the Merkle–Damgård structure used by MD5, SHA-1, and SHA-2, giving SHA-3 a stronger theoretical security model against length-extension attacks.

The four SHA-3 variants — SHA3-224, SHA3-256, SHA3-384, and SHA3-512 — produce 224, 256, 384, and 512-bit digests respectively. SHA3-256 is the direct drop-in replacement for SHA-256 in systems that want the Keccak design, though SHA-256 itself remains secure and is more widely supported. Select the SHA-3 tab on this free sha hash generator to compute all four variants simultaneously.

RIPEMD Hash Generator — RIPEMD-160, RIPEMD-256 & RIPEMD-320

The RIPEMD family was designed in Europe in the 1990s and remains notable for its use in Bitcoin: a Bitcoin address is derived by applying SHA-256 then RIPEMD-160 to an elliptic curve public key. Our tool supports all four RIPEMD variants:

SRI Hash Generator — Subresource Integrity for CDN Security

Subresource Integrity (SRI) is a browser security feature that prevents CDN-served scripts and stylesheets from being tampered with. You provide a hash of the expected file content in the integrity attribute of your <script> or <link> tag. If the loaded file's hash does not match, the browser blocks execution.

To generate an SRI hash: enable SRI mode in this tool, paste your file content into the input, select SHA-256 (for shorter output), SHA-384 (most common default), or SHA-512 (maximum security), and the tool outputs the ready-to-paste sha384-BASE64== value. All three SRI-compatible algorithms are computed simultaneously.

SRI is supported in all modern browsers and is strongly recommended for any third-party JavaScript or CSS loaded from a CDN. Without SRI, a compromised CDN could serve malicious code that executes silently in your users' browsers.

NTLM Hash Generator — Windows NT Authentication

The NTLM hash (also called the NT hash) is Microsoft Windows' legacy password representation format. It is computed as the MD4 hash of the UTF-16LE encoding of the plaintext password — making it fast to compute and therefore vulnerable to brute-force attacks with GPU cracking tools. Microsoft has deprecated NTLM authentication in favor of Kerberos and modern protocols as of 2024.

The NT hash generator on this page computes the NTLM hash for any input string using the correct UTF-16LE encoding. This is useful for penetration testing exercises, Active Directory audit tools, and understanding legacy authentication systems. Use this tool only on systems you own or have explicit authorization to test.

CRC32 & CRC16 Hash Generator — Checksums Explained

CRC (Cyclic Redundancy Check) algorithms are not cryptographic hash functions — they are error-detection codes designed to catch accidental corruption, not deliberate tampering. CRC32 produces a 32-bit (8 hex character) checksum and is used in ZIP archives, gzip, PNG files, Ethernet frames, and ZFS storage. CRC16 produces a 16-bit checksum used in Modbus, USB communications, and serial protocols.

Adler-32 is a simpler 32-bit checksum used by the zlib compression library (and therefore PNG and HTTP gzip responses). It is faster than CRC32 but provides slightly weaker error detection. None of CRC16, CRC32, or Adler-32 should be used for security purposes — an attacker can trivially produce a different file with the same CRC checksum.

Whirlpool Hash Generator — ISO/IEC Standard

Whirlpool is a 512-bit cryptographic hash function designed by Paulo Barreto and Vincent Rijmen, standardized in ISO/IEC 10118-3:2018. It uses a Miyaguchi–Preneel construction with an AES-like internal cipher and produces 128 hex characters of output. Whirlpool is less commonly used than SHA-2 or SHA-3 but appears in security-sensitive European systems and academic research. This free Whirlpool generator computes digests entirely in your browser.

Using Hash Functions in PHP — hash_hmac & hash() Function

PHP's built-in hash() function supports over 50 algorithms. The most common patterns:

Use hash_equals() when comparing hashes to prevent timing attacks. The PHP password hash generator for user passwords should use password_hash($password, PASSWORD_ARGON2ID) rather than any of the above — Argon2id is the OWASP-recommended algorithm for password storage in 2026.

WordPress Password Hash Generator — wp_hash_password()

WordPress uses the phpass library with bcrypt (in WordPress 6.4+, upgraded from MD5-based phpass) to hash user passwords. The WordPress hash generator for passwords uses wp_hash_password($password) which automatically salts and applies multiple rounds. You should never store WordPress passwords as plain MD5 — the correct tool for generating WordPress-compatible password hashes is the WordPress admin panel itself or WP-CLI.

If you are verifying a WordPress password hash for debugging purposes, use wp_check_password($password, $hash). The MD5 and SHA-256 hash generators on this page are useful for verifying data integrity in WordPress plugins (e.g., webhook signatures using hash_hmac('sha256', $payload, $secret)) but not for user password management.

Which Hash Algorithm Should You Use in 2026?

The right choice depends entirely on your use case:

• File integrity verification: SHA-256 is the standard. It is fast, universally supported, and secure. Use SHA-512 for archival-grade security.
• Subresource Integrity (CDN): SHA-384 is the recommended default. SHA-256 is also acceptable. SHA-512 provides the highest assurance.
• API authentication / HMAC: HMAC-SHA-256 is the industry default (used by AWS Signature Version 4, GitHub webhooks, Stripe, Twilio, and most modern APIs). HMAC-SHA-512 for higher security requirements.
• Password storage: Do NOT use any hash on this page directly. Use Argon2id (first choice), bcrypt (widely supported), or scrypt. Use a dedicated password hashing library — never raw MD5, SHA-1, or even SHA-256.
• Blockchain / cryptocurrency: SHA-256 (Bitcoin proof of work, many altcoins). RIPEMD-160 for address generation (Bitcoin). SHA3-256 for Ethereum (Keccak variant).
• Legacy compatibility: MD5 or SHA-1 only when required by a system you cannot modify. Document the risk.
• Post-quantum considerations: SHA-256 and SHA-3 are considered quantum-resistant for pre-image resistance. Hash functions require doubling the output size (SHA-512 → equivalent to SHA-256 classically) for collision resistance against quantum adversaries.