Is my data safe? Is anything sent to a server?βΌ
No data leaves your browser. All hashing uses the Web Crypto API built into your browser (for SHA algorithms) or a local JavaScript implementation (for MD5). Files are read locally and never uploaded. Your text, files, and HMAC keys are never transmitted, stored, or logged.
Whatβs the difference between MD5, SHA-1, SHA-256, and SHA-512?βΌ
These are all cryptographic hash functions that produce fixed-size outputs from any input. MD5 produces 128-bit (32 hex character) hashes but is cryptographically broken. SHA-1 produces 160-bit (40 character) hashes but was broken in 2017. SHA-256 produces 256-bit (64 character) hashes and is the recommended standard. SHA-512 produces 512-bit (128 character) hashes for maximum security.
Which hash algorithm should I use?βΌ
For most purposes, use SHA-256. Itβs the current industry standard, used in TLS certificates, Bitcoin, code signing, and file integrity verification. Use SHA-512 for maximum security requirements. Only use MD5 or SHA-1 for legacy compatibility where security is not a concern.
Is hashing the same as encryption?βΌ
No. Hashing is one-way β you cannot reverse a hash to get the original data. Encryption is two-way β encrypted data can be decrypted with the correct key. Hashing is used for verification and integrity, not confidentiality.
What is HMAC and when do I need it?βΌ
HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function. While a regular hash only proves integrity, HMAC also proves authenticity β the data came from someone who knows the secret key. Essential for webhook verification (Stripe, GitHub, Shopify) and API authentication.
Can I hash large files?βΌ
Yes. The tool reads files in chunks using streaming APIs, so it can handle files up to 2GB without running out of memory. A progress bar shows hashing progress. All processing happens locally.
How do I verify a downloaded file?βΌ
Go to the File Hash tab, drop your file, and compute its hash. Then compare the result with the checksum from the fileβs publisher. If they match, the file is authentic. You can also use the Compare tab to verify automatically.
Why does my MD5 hash have a warning?βΌ
MD5 has been cryptographically broken since 2004. Collisions can be generated in seconds. It cannot be trusted for security purposes. We include it for legacy compatibility but recommend SHA-256 for anything security-related.
Can I reverse a hash to find the original text?βΌ
No. Cryptographic hash functions are one-way. However, weak passwords can be found using rainbow tables. This is why password hashing should use bcrypt/argon2 with salting, not raw SHA-256.