Hash Generator — MD5, SHA‑1, SHA‑256, SHA‑512

About Hash Generator

The AT USE Hash Generator computes MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously from any text string or file. All four algorithms run in your browser using the Web Crypto API's SubtleCrypto interface and the spark-md5 library for MD5 — no server receives your input. You can disconnect from the internet after the page loads and hash sensitive files without any data leaving your device.

MD5 and SHA-1 — fast, but not secure

MD5 (128-bit output) and SHA-1 (160-bit output) are the oldest of the four algorithms on this page, and both are cryptographically broken for security use cases. Collision attacks against MD5 have been practical since 2004; SHA-1 collision attacks became practical in 2017 when the Google SHAttered project found the first real-world collision. This means a deliberate attacker can craft two different files that produce the same MD5 or SHA-1 hash — making these algorithms unsuitable for digital signatures, certificates, and password storage. For detecting accidental corruption during file downloads or data transfers, MD5 and SHA-1 are still commonly used because accidental collisions are statistically impossible; the weakness is exploitable only with deliberate effort.

SHA-256 and SHA-512 — current standard

SHA-256 (256-bit output) and SHA-512 (512-bit output) are part of the SHA-2 family, standardized by NIST in 2001. No practical collision attack against either has been found as of 2025. SHA-256 is used in Bitcoin's proof-of-work algorithm and address derivation, TLS 1.3 certificate signing, code-signing in Windows and macOS, and software download verification (apt, brew, pip all use SHA-256 checksums). SHA-512 offers a larger security margin and is faster than SHA-256 on 64-bit processors due to native 64-bit word operations. Use SHA-256 for general-purpose hashing where compatibility matters; use SHA-512 when you need the extra margin or are hashing on a 64-bit server pipeline.

File hashing: checksums and data integrity

When you hash a file, the browser reads it as an ArrayBuffer using the FileReader API and passes the raw bytes to both the SHA family (via SubtleCrypto.digest) and spark-md5's ArrayBuffer reader. All four hashes are computed in parallel using Promise.all(), so hashing a 20 MB file produces all four results in a few seconds. The most practical use is download verification: a software publisher publishes the SHA-256 hash of an installer; you download the installer and hash it here; if the hashes match, the file arrived intact and unmodified. This is the same technique used by Linux distributions for ISO verification and by package managers for dependency integrity.