Skip to content

SHA-256 Hash Generator (Online)

Compute the SHA-256 hash of any text instantly and free, in your browser. 256-bit, 64-hex-char digest, hex or Base64 output - verify file checksums and integrity.

Output format:
SHA-256

-

SHA-1

-

SHA-384

-

SHA-512

-

Paste a string and we compute its SHA-256 digest - 256 bits / 64 hexadecimal characters - right in your browser. The most widely deployed cryptographic hash today, used in TLS certificates, Bitcoin, JWT signatures (HS256/RS256) and Subresource Integrity.

How to use it

  1. Paste your text

    Drop a string into the input. The hash recomputes on every keystroke.

  2. Pick the output format

    Hex is the default and the format most CLIs print. Switch to Base64 when you're embedding the digest in a URL or HTTP header.

  3. Compare with the expected value

    Use the copy button to paste the hash next to the one published by the file's source, or alongside a server-side digest.

What is it?

A cryptographic hash function takes any input and produces a fixed-size fingerprint that's effectively impossible to reverse and (for modern hashes) effectively impossible to collide with a different input. SHA-256 outputs 256 bits (64 hex characters), SHA-512 outputs 512 bits, and so on. The hash for the same input is identical every time, which makes it ideal for verifying file integrity, comparing API payloads, and generating content-addressable IDs.

When to use it

Verify file downloads by comparing a published hash with the hash of the file you received. Use as content-addressable identifiers for cache keys (the hash of the inputs to a computation). Embed in HTTP integrity (`Subresource Integrity`) attributes. Use as a fingerprint for deduplication. Avoid for password storage - passwords need a slow, salted KDF like bcrypt, scrypt or Argon2, not a fast cryptographic hash.

Common mistakes

Don't use a fast hash to store passwords; SHA-256 on a GPU can try billions of guesses per second. Don't trust MD5 or SHA-1 for security-critical comparisons - both are broken. Watch the encoding: hashing 'abc' produces a different result than hashing the UTF-16 string 'abc'; the Web Crypto API hashes the UTF-8 bytes we provide.

FAQ

Why no MD5?
MD5 is broken - it's trivial to find collisions. The Web Crypto API intentionally doesn't expose it. If you need MD5 for a legacy checksum, use a dedicated library.

Rate this tool

Share your experience to help others.

Hash Generator (SHA-1, SHA-256, SHA-384, SHA-512)

Compute cryptographic hashes of text in your browser.

Try it out

More in this category