ToolNimba Browse

🔐 Hash Generator (SHA-1, SHA-256, SHA-512)

By ToolNimba Editorial Team · Updated 2026-06-19

SHA-1 (160-bit, legacy)
SHA-256 (256-bit, recommended)
SHA-512 (512-bit)

Hashes update automatically as you type.

MD5 is not offered here: it is cryptographically broken and is not part of the Web Crypto API. Use SHA-256 or stronger for anything security related.

This hash generator turns any text into SHA-1, SHA-256, and SHA-512 hex digests at once. Type or paste your input and all three hashes appear instantly, each with a copy button. Everything is computed in your browser using the built-in Web Crypto API, so your text never leaves your device and nothing is sent over the network.

What is the Hash Generator?

A cryptographic hash function takes input of any length and produces a fixed-size string of bytes, usually shown as hexadecimal. The same input always produces the same digest, but even a one-character change produces a completely different result (the "avalanche effect"). Good hash functions are one-way: you cannot feasibly reverse a digest back into the original text, and you cannot easily find two different inputs that share the same digest. These properties make hashes useful for verifying file integrity, indexing data, and storing password verifiers (with a salt and a slow algorithm).

This tool covers the SHA family. SHA-1 produces a 160-bit (40 hex character) digest and is now considered broken for security: practical collision attacks exist, so it should only be used for non-security tasks like legacy checksums. SHA-256 and SHA-512 belong to the SHA-2 family and produce 256-bit (64 hex character) and 512-bit (128 hex character) digests respectively. Both are widely trusted and are the right default for new work. SHA-512 is not "more secure for everyone": on 64-bit hardware it can be faster than SHA-256, but SHA-256 is the more common choice in protocols and certificates.

MD5 is intentionally not offered. It is cryptographically broken, with trivial collision attacks, and it is not part of the Web Crypto API that powers this tool. If you only need a non-cryptographic checksum, SHA-256 is a better default. Note also that hashing here is computed over the UTF-8 bytes of your input, so the same visible text in a different encoding can produce a different digest.

When to use it

  • Generating a SHA-256 checksum to verify that a downloaded file or pasted snippet has not been altered.
  • Producing a stable, fixed-length key from a longer string for caching, deduplication, or database indexing.
  • Comparing a value against an expected hash published by a vendor or release page.
  • Learning and testing how hashing works while building or debugging an application.

How to use the Hash Generator

  1. Type or paste your text into the input box.
  2. Read the SHA-1, SHA-256, and SHA-512 digests, which update automatically as you type.
  3. Click the Copy button next to any hash to copy that digest to your clipboard.
  4. Pick SHA-256 (or SHA-512) for anything security related, and treat SHA-1 as legacy only.

Formula & method

digest = HASH(UTF-8 bytes of input). SHA-1 = 160 bits (40 hex chars), SHA-256 = 256 bits (64 hex chars), SHA-512 = 512 bits (128 hex chars). The output length is fixed no matter how long the input is.

Worked examples

Hash the lowercase string abc with SHA-256.

  1. Encode "abc" as its three UTF-8 bytes: 61 62 63.
  2. Feed those bytes into the SHA-256 algorithm.
  3. Read the 64-character hexadecimal digest.

Result: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Hash an empty input (no text) with SHA-1.

  1. The input is zero bytes long, which is still valid.
  2. SHA-1 of an empty message is a well-known constant.
  3. The digest is always the same 40-character value for empty input.

Result: da39a3ee5e6b4b0d3255bfef95601890afd80709

Hash the string abc with SHA-512.

  1. Encode "abc" as UTF-8 bytes.
  2. Run SHA-512, which outputs 512 bits.
  3. The result is 128 hexadecimal characters long.

Result: ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

SHA algorithm comparison

AlgorithmOutput sizeHex charactersStatus
SHA-1160 bits40Broken, legacy use only
SHA-256256 bits64Recommended, widely used
SHA-512512 bits128Strong, fast on 64-bit CPUs
MD5128 bits32Broken, not offered here

Known digests of common inputs (UTF-8, SHA-256)

InputSHA-256 digest (first 16 hex chars)
(empty string)e3b0c44298fc1c14
abcba7816bf8f01cfea
Hello, ToolNimbaf05758140f6dc49b

Common mistakes to avoid

  • Treating SHA-1 as secure. SHA-1 has practical collision attacks and should not be used for signatures, certificates, or password storage. Use SHA-256 or SHA-512 for anything where security matters.
  • Expecting hashing to be reversible. A hash is one-way. There is no "decrypt" step. If you need to recover the original value you want encryption, not hashing. Sites that claim to "decode" SHA-256 are just looking it up in a table of precomputed inputs.
  • Storing raw password hashes. A plain SHA-256 of a password is too fast and unsalted, so it is weak against brute force. For passwords use a slow, salted algorithm such as bcrypt, scrypt, or Argon2 instead of a bare SHA digest.
  • Ignoring encoding differences. This tool hashes the UTF-8 bytes of your text. The same characters encoded as UTF-16, or with a trailing newline added, will produce a different digest. Match the encoding of whatever you are comparing against.

Glossary

Hash function
An algorithm that maps input of any size to a fixed-size output, designed so the same input always yields the same result.
Digest
The fixed-size output of a hash function, often shown as a hexadecimal string.
SHA-2
A family of secure hash algorithms that includes SHA-256 and SHA-512, published by NIST and widely used today.
Collision
When two different inputs produce the same hash digest. A strong hash function makes finding one infeasible.
Salt
A random value added to input (typically a password) before hashing so that identical inputs hash differently.
Hex (hexadecimal)
A base-16 number system using 0-9 and a-f. Each hex character represents 4 bits, so two characters represent one byte.

Frequently asked questions

What is a hash generator?

A hash generator turns text into a fixed-length digest using a hash function such as SHA-256. It is used to verify integrity, index data, and build password verifiers. This tool generates SHA-1, SHA-256, and SHA-512 at once.

How do I generate a SHA-256 hash?

Paste your text into the input box above and the SHA-256 digest appears instantly. Click Copy next to it to copy the 64-character hex value. Everything runs in your browser, so nothing is uploaded.

Can a SHA hash be reversed or decrypted?

No. SHA hashes are one-way functions, so there is no way to compute the original input from a digest. So-called hash "decrypters" simply look up the answer in a table of previously seen inputs, which only works for common values.

Is SHA-256 or SHA-512 more secure?

Both are part of the trusted SHA-2 family and are considered secure. SHA-512 has a larger output and can be faster on 64-bit hardware, but SHA-256 is more common in protocols and certificates. For most uses SHA-256 is a fine default.

Why is MD5 not available?

MD5 is cryptographically broken, with trivial collision attacks, and it is not included in the browser Web Crypto API that powers this tool. For checksums or security use SHA-256 or stronger instead.

Is my text uploaded anywhere when I hash it?

No. The hashes are computed locally in your browser using the Web Crypto API. Your input never leaves your device and no network request is made. The page does need a secure context (https or localhost) for the crypto API to work.