Cryptographic Tools
What It Does
Calculates hash digests (MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-512) and HMAC values for any text or hex input.
How to Use It
- Enter or paste your text in the input field.
- Select the hash algorithm from the dropdown.
- For HMAC, toggle HMAC mode on and enter your secret key.
- The hash/HMAC result appears in the output.
- Click “Copy” to copy the result.
Options Explained
| Option | Description |
|---|---|
| Algorithm | The hash function to use (MD5, SHA-1, SHA-256, etc.) |
| Input encoding | Text (UTF-8) or Hex — determines how input bytes are interpreted |
| Output encoding | Hex or Base64 — format of the displayed hash |
| HMAC mode | When enabled, computes a keyed HMAC instead of a plain hash |
| HMAC key encoding | Text, Hex, or Base64 — how the secret key is decoded |
Example
Input: hello, Algorithm: SHA-256 → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
About Cryptographic Hashing
A cryptographic hash function is a one-way mathematical algorithm that maps arbitrary-length input data to a fixed-size digest. Unlike encryption, hashing is irreversible — you cannot recover the original message from its hash. Even a single-bit change in the input produces a completely different output, a property known as the avalanche effect.
This tool supports the most widely used hash families: MD5 (128-bit, legacy only), SHA-1 (160-bit, deprecated for security), SHA-2 (SHA-256 and SHA-512), and SHA-3 (Keccak-based). It also supports HMAC (Hash-based Message Authentication Code), which combines a secret key with the hash to provide both integrity and authenticity verification.
Collision resistance and pre-image resistance are the two key security properties. Modern applications should use SHA-256 or SHA-3 for new designs, as MD5 and SHA-1 have known collision vulnerabilities.
Common Use Cases
- Verifying file and download integrity with checksums
- Storing password digests securely (combined with salting and KDFs)
- Generating digital signatures for documents and software releases
- Creating unique content identifiers in deduplication systems
- Building Merkle trees for blockchain and version-control systems
- HMAC-based API authentication and message verification
What Is a Cryptographic Hash?
A cryptographic hash function takes an arbitrary-length input and produces a fixed-length output (the digest) with three key properties: it is deterministic (the same input always yields the same output), it is computationally infeasible to reverse (you cannot recover the input from the digest), and even a tiny change in the input produces a drastically different digest (the avalanche effect). These properties make hash functions indispensable for data integrity checks, password storage, digital signatures, and blockchain technology. Widely used algorithms include SHA-256, SHA-384, SHA-512, and the legacy SHA-1 and MD5.
Frequently Asked Questions
Can I reverse a hash to get the original text?
No. Cryptographic hash functions are one-way by design. You cannot recover the input from the digest. The only way to “crack” a hash is through brute-force or dictionary attacks, which is why strong, unique inputs matter.
What is the difference between SHA-256 and MD5?
SHA-256 produces a 256-bit (64-hex-character) digest and is considered secure. MD5 produces a 128-bit (32-hex-character) digest but is vulnerable to collision attacks, meaning two different inputs can produce the same hash. Use SHA-256 or stronger for security-critical applications.
Is hashing the same as encryption?
No. Hashing is a one-way operation — you cannot decrypt a hash. Encryption is two-way: data is encrypted with a key and can be decrypted with the corresponding key. They serve different purposes.
Is my data sent to a server?
No. All hashing runs locally in your browser using the Web Crypto API. Your input is never transmitted or stored.
All hashing is performed entirely in your browser using the Web Crypto API. No data is transmitted to any server, ensuring complete privacy.