thaivh tools
All Tools

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly. Hash text or files client-side with HMAC support. Uses Web Crypto API — no data sent to servers.

Enter text or drop a file to generate hash

Supported Hash Algorithms

MD5 (128-bit)

Fast checksum, cryptographically broken. Use only for non-security purposes.

SHA-1 (160-bit)

Deprecated for security. Suitable for legacy compatibility only.

SHA-256 (256-bit)

Industry standard. Secure for cryptography, TLS certificates, and blockchain.

SHA-512 (512-bit)

Maximum security. Ideal for high-security applications and future-proofing.

Common Use Cases

File Integrity Verification: Download software from the web and compare its SHA-256 hash against the publisher's checksum to verify it hasn't been tampered with.
API Authentication: Generate HMAC signatures with a secret key to authenticate API requests without transmitting the key.
Data Deduplication: Use hashes to identify identical files or data blocks across storage systems.
Digital Forensics: Generate hash lists of evidence files to prove data hasn't changed during investigation.

Security Best Practices

Important: This tool generates raw hashes. For password storage, use specialized algorithms:

  • Use bcrypt, scrypt, or Argon2 with proper salt for passwords
  • Never use raw MD5, SHA-1, or SHA-256 for password storage
  • HMAC is safe for message authentication, not password hashing
  • Always verify file hashes over HTTPS to prevent MITM attacks

Frequently Asked Questions

What is a hash function?
A hash function is a mathematical algorithm that converts input data of any size into a fixed-size string of characters. The same input always produces the same hash, and even a tiny change in the input creates a completely different hash. Hashes are one-way functions — you cannot reverse a hash to recover the original data.
What is the difference between MD5, SHA-1, SHA-256, and SHA-512?
MD5 produces 128-bit hashes and is now considered cryptographically broken — suitable only for checksums. SHA-1 produces 160-bit hashes and is also deprecated. SHA-256 (256-bit) and SHA-512 (512-bit) are part of the SHA-2 family and are currently secure for cryptographic purposes. Always prefer SHA-256 or SHA-512 for security applications.
What is HMAC?
HMAC (Hash-based Message Authentication Code) uses a cryptographic hash function and a secret key to verify both data integrity and authenticity. Unlike regular hashing, HMAC ensures that the message was sent by someone with the secret key. It's commonly used in API authentication and JWT tokens.
Can I reverse a hash to get the original text?
No. Hash functions are designed to be one-way — you cannot mathematically reverse a hash. However, simple passwords can be cracked using rainbow tables (precomputed databases of password-hash pairs). This is why passwords should always be salted and hashed with slow functions like bcrypt or Argon2, not raw SHA-256.
Why would I hash a file?
File hashing is commonly used to verify data integrity and authenticity. By comparing a file's hash against a known value, you can confirm the file hasn' been corrupted or tampered with. Software publishers often provide SHA-256 checksums so users can verify downloads haven't been modified.
Are my inputs and files secure?
Yes. All hashing happens entirely in your browser using JavaScript. No data is sent to any server, stored, logged, or transmitted. The file or text you hash exists only in your browser's memory and is discarded when you leave the page. The MD5 library and Web Crypto API both run client-side.
Which hash algorithm should I use?
For cryptographic security, use SHA-256 or SHA-512. SHA-256 is the industry standard for most applications including TLS certificates, blockchain, and password hashing (with proper salting). SHA-512 provides even more security for high-value applications. MD5 and SHA-1 should only be used for non-security purposes like simple checksums.
What is salt in password hashing?
A salt is random data added to passwords before hashing to prevent rainbow table attacks. Each password should have a unique salt, which is stored alongside the hash. This way, even if two users have the same password, their hashes will be different. This tool doesn't add salt — use bcrypt, scrypt, or Argon2 for password storage.