Compute cryptographic hashes of text or files. MD5 and SHA-1 are deprecated for security (use only as checksums); use SHA-256 or SHA-512 for anything that matters.
| Algorithm | Output size | Status (2026) | Use for |
|---|---|---|---|
| MD5 | 128 bits / 32 hex | Broken (collisions in seconds) | Non-security checksums only. |
| SHA-1 | 160 bits / 40 hex | Broken (SHAttered, 2017) | Legacy interop only. |
| SHA-256 | 256 bits / 64 hex | Secure | Default choice. Used by Git, Bitcoin, TLS. |
| SHA-384 | 384 bits / 96 hex | Secure | Truncated SHA-512. Used in TLS 1.3. |
| SHA-512 | 512 bits / 128 hex | Secure | Faster on 64-bit CPUs. Belt-and-braces choice. |
For password storage use bcrypt, scrypt, or Argon2 — not these.
Is MD5 still safe?
For security: no — collisions are trivial. For non-adversarial checksums (download integrity, deduplication where no attacker is involved), it's still fine.
SHA-256 or SHA-512?
Both are secure. SHA-256 produces shorter output (64 hex chars). SHA-512 is faster on 64-bit hardware and gives more headroom. Default to SHA-256 unless you have a reason.
Can I hash passwords with this?
No. SHA-anything is too fast to be safe for passwords. Use bcrypt, scrypt, Argon2, or PBKDF2 with high iteration count.
Does my file get uploaded?
No. Files are read locally and hashed in your browser. Nothing is transmitted.