Web Crypto omits MD5 by design — it's been considered cryptographically broken since 2004. For non-security use cases (file deduplication, cache busting) prefer SHA-256, which is similar performance on modern hardware.

SHA-1 is included — it's still the standard for Git object IDs and many legacy APIs. Don't use it for new security applications: collisions have been demonstrated (SHAttered, 2017).

What hash should I use for passwords?

None of these. Passwords need a slow, salted KDF (Argon2id, bcrypt, scrypt). Plain SHA hashes are trivially crackable with GPUs at billions of attempts per second. Convertitive will ship a password-strength estimator later — it intentionally won't help you hash passwords.

Are the hashes deterministic?

Yes. Identical input always produces an identical hash. This is the whole point of a hash function.

What output format is used?

Hex-encoded, lowercase, no leading 0x. SHA-256 produces a 64-character string, SHA-512 produces 128 characters.

Can I hash a binary file?

Not directly with this tool — it takes a text input. Drop the file into a Base64 tool first, paste the encoded form here, but note that the resulting hash is of the Base64 representation, not the raw bytes. A binary-file hash tool is on the roadmap.

Is the input sent anywhere?

No. The Web Crypto API runs entirely in your browser. Convertitive's server never sees what you paste.

Hash Generator — SHA-1, SHA-256, SHA-384, SHA-512

Four SHA variants, computed live in your browser as you type.

Buğra SözeriDeveloper

Updated May 22, 2026 · Published August 10, 2025

A cryptographic hash is a fixed-length fingerprint of an input. Change a single character in the input and the entire hash changes; finding two distinct inputs that produce the same hash is computationally infeasible (for any algorithm except MD5 and SHA-1 in adversarial settings — see our SHA-256 vs MD5 and SHA-1 vs SHA-256 comparisons). Convertitive computes four SHA variants — SHA-256is the modern default — using your browser’s Web Crypto API — fast, hardware- accelerated, and never reaches a server.

Input

SHA-1
…
SHA-256
…
SHA-384
…
SHA-512
…

Computed locally via the browser’s Web Crypto API. MD5 is not offered— it’s cryptographically broken and Web Crypto omits it by design. Use SHA-256 or stronger wherever security matters.

How to use

Paste your input
Any text: a password, a JSON payload, the contents of a small file pasted as text. Encoding is UTF-8.
Read the hashes
All four variants compute simultaneously. SHA-256 is the modern default; SHA-512 is preferred when bigger collision resistance margins matter (long-lived archives, signing keys).
Copy what you need
Each row has a copy button. Hash output is hex-encoded — lowercase, no prefix.

Frequently asked questions

Why no MD5?: Web Crypto omits MD5 by design — it's been considered cryptographically broken since 2004. For non-security use cases (file deduplication, cache busting) prefer SHA-256, which is similar performance on modern hardware.
Why no SHA-1?: SHA-1 is included — it's still the standard for Git object IDs and many legacy APIs. Don't use it for new security applications: collisions have been demonstrated (SHAttered, 2017).
What hash should I use for passwords?: None of these. Passwords need a slow, salted KDF (Argon2id, bcrypt, scrypt). Plain SHA hashes are trivially crackable with GPUs at billions of attempts per second. Convertitive will ship a password-strength estimator later — it intentionally won't help you hash passwords.
Are the hashes deterministic?: Yes. Identical input always produces an identical hash. This is the whole point of a hash function.
What output format is used?: Hex-encoded, lowercase, no leading 0x. SHA-256 produces a 64-character string, SHA-512 produces 128 characters.
Can I hash a binary file?: Not directly with this tool — it takes a text input. Drop the file into a Base64 tool first, paste the encoded form here, but note that the resulting hash is of the Base64 representation, not the raw bytes. A binary-file hash tool is on the roadmap.
Is the input sent anywhere?: No. The Web Crypto API runs entirely in your browser. Convertitive's server never sees what you paste.

About

The SHA-2 family

Standardized by NIST in 2001. SHA-256 and SHA-512 are the workhorses; SHA-384 is SHA-512 truncated to 384 bits, used by some specific protocols (TLS cipher suites, Apple's CryptoKit defaults).

Performance trade-offs

On 64-bit hardware, SHA-512 is sometimes faster than SHA-256 despite producing more bits. On constrained devices (microcontrollers, smart cards), the opposite is true. For text input at this size, all four computations are effectively instant.

Sources & references

Authoritative references behind the math, constants, and tables on this page. Verified by Buğra Sözeri on the dates shown and re-checked at every deploy.

NIST FIPS 180-4 — Secure Hash Standard — Authoritative specification for SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms implemented here(as of 2026-05-21)
RFC 1321 — The MD5 Message-Digest Algorithm — IETF specification for MD5 (offered for legacy compatibility only — broken for collision resistance since 2004)(as of 2026-05-21)
W3C Web Cryptography API — SubtleCrypto.digest — Browser-native hashing API used by the widget for fast, audited implementations(as of 2026-05-21)

Related guide

Need to pick between SHA-256, SHA-512, MD5, or a password hash like bcrypt? The full guide explains pre-image resistance, collision attacks, and when each family is the right tool.

Read: Cryptographic hashing explained →