Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes side by side from text or any file, with security ratings, secret-key signing and instant copy. Runs entirely in your browser; nothing is sent to a server.


How to use the Hash Generator

Switch between Text mode and File mode using the tabs. In Text mode, hashes update live as you type. In File mode, drag and drop any file or click to browse; files are processed in the background so the page stays usable. Toggle HMAC mode to add a secret key and generate signed hashes alongside the standard ones.

  1. Select a mode: Text for strings and code snippets, File for downloads, ISOs, and binaries.
  2. Type, paste, or drop: Text hashes update within 300 ms. Files are processed in the background.
  3. Read the security rating: each algorithm shows whether it is Broken, Deprecated, or Recommended for security use.
  4. Copy the hash you need: click the copy icon on any row, or use Copy all to grab everything at once.
  5. Download a report: the .txt button saves a plain-text file with all hashes, the source name, and a timestamp.
  6. Toggle case: switch between lowercase and UPPERCASE with the format buttons at the top of the results panel.

Understanding the security ratings

Hash algorithms age poorly. MD5 (1992) and SHA-1 (1995) were widely trusted for decades, but researchers have since shown that these can be broken for security purposes. SHA-256 is the current recommended standard used by most organizations and software publishers. SHA-384 and SHA-512 offer even stronger protection, useful for long-term archival or high-value assets. None of these are suitable for storing passwords directly; for that, use a dedicated password manager or a purpose-built secure storage system. See the Password Generator for guidance on secure credential creation.

Verifying a file download

Software publishers often provide a SHA-256 or MD5 checksum alongside a download. Switch to File mode, drop the downloaded file, and compare the generated hash with the one published. The comparison must be character-for-character exact: a single difference indicates corruption or tampering. This technique is especially important for operating system ISOs, security tools, and archived data.

Frequently asked questions

What is a hash function?

A hash function takes any text or file and produces a fixed-length string of characters that serves as a fingerprint of the input. The same input always produces the same hash, but even a tiny change completely transforms the result. Hashes are used to verify that a file hasn't been altered, to detect accidental corruption, and to create tamper-proof signatures.

Why are MD5 and SHA-1 shown as broken or deprecated?

Researchers have shown that it is possible to create two completely different files that produce the exact same MD5 or SHA-1 hash. This means these algorithms can no longer reliably prove that a file is genuine. Both are still useful for basic checks like detecting accidental file corruption, but should never be used for verifying software authenticity or storing passwords. Use SHA-256 or stronger for anything security-related.

Which algorithm should I use?

For verifying a file download, SHA-256 is the standard used by most software publishers. For signed requests, HMAC-SHA-256 or HMAC-SHA-512 are widely used. For password storage, do not use any of these algorithms directly: they are too fast, and a hacker could try billions of guesses per second against them. Use a dedicated password manager or a purpose-built secure storage system instead. For maximum long-term security, SHA-512 is an excellent choice.

Can this tool hash large files?

Yes. The file hashing mode supports files up to 500 MB. The computation runs in the background, so your browser stays fully usable and you can interact with the page while hashing runs. Drag and drop any file or click to browse. Try to avoid files larger than the available memory on your device.

Is my data sent to a server?

No. All hashing runs entirely in your browser. Neither your text nor your files ever leave your device. The tool works offline once the page has loaded. All input data is automatically erased when you close the tab. Secret keys you enter for signed hashing are never saved anywhere on your device. Only the static page files load from PureTools; your text, selected files and temporary hash results stay in the current browser tab and disappear with that tab session. Your data is never used to train AI models or improve machine learning systems.

What is HMAC and when should I use it?

HMAC is a way to create a secure signature by combining your content with a secret key. The result proves that the content hasn't been altered and that it was signed by someone who has the key. It is widely used by services like GitHub, Stripe and Shopify to verify that data they receive is authentic. Toggle HMAC mode, enter your secret key, and the signed hash will appear in the results. The key is never saved or sent anywhere.
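
The sign-and-verify flow described above, written with the Web Crypto API. This is an added example, not the tool's own code; the `sha256=<hex>` header format and the names `signBody` and `verifyBody` are assumptions chosen for illustration, and the secret and body are constructed samples.

```javascript
// Added example: HMAC-SHA-256 signing and verification with Web Crypto.
// Works in browsers and in Node (falls back to node:crypto's webcrypto).
async function getSubtle() {
  return (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
}

const utf8 = (s) => new TextEncoder().encode(s);
const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

async function importHmacKey(secret) {
  const subtle = await getSubtle();
  return subtle.importKey('raw', utf8(secret),
    { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']);
}

// Sender: sign the exact bytes that will be transmitted.
async function signBody(secret, body) {
  const subtle = await getSubtle();
  const mac = await subtle.sign('HMAC', await importHmacKey(secret), utf8(body));
  return 'sha256=' + toHex(mac);
}

// Receiver: reject malformed headers first, then let subtle.verify recompute
// the MAC over the received bytes and compare it with the supplied one.
async function verifyBody(secret, body, header) {
  const m = /^sha256=([0-9a-f]{64})$/i.exec(header ?? '');
  if (!m) return false;
  const supplied = Uint8Array.from(m[1].match(/../g), (h) => parseInt(h, 16));
  const subtle = await getSubtle();
  return subtle.verify('HMAC', await importHmacKey(secret), supplied, utf8(body));
}

// Constructed sample values (hypothetical secret and message).
const SAMPLE_SECRET = 'key';
const SAMPLE_BODY = 'The quick brown fox jumps over the lazy dog';
```

Verification fails if the body changes by a single byte, if the key differs, or if the header is missing or not 64 hex characters.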

How do I verify a file download using this tool?

Download the file, switch to File mode, then drag and drop it into the tool. Select the algorithm that matches the fingerprint provided by the publisher, usually SHA-256 or MD5. Compare the generated hash with the publisher's value character by character. Even a single difference means the file has been altered or corrupted. The publisher typically provides a small text file containing the expected hash; open it with any text editor to find the value to compare against.
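
The same check, as described here and under "Verifying a file download", can be scripted. This is an added example, not the tool's own code: it assumes the publisher's text file uses the common `<hex digest>  <filename>` layout, picks the algorithm from the digest length, and uses a constructed three-byte "file" named `tool.iso`.

```javascript
// Added example: check downloaded bytes against a published checksum file.
// Hex digest length identifies the algorithm (Web Crypto names).
const ALGO_BY_HEX_LEN = { 40: 'SHA-1', 64: 'SHA-256', 96: 'SHA-384', 128: 'SHA-512' };

// Parse "<hex digest>  <filename>" lines; a leading "*" on the name is ignored.
function parseChecksumFile(text) {
  const entries = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = line.trim().match(/^([0-9a-fA-F]+)\s+\*?(.+)$/);
    if (m) entries.set(m[2], m[1].toLowerCase()); // normalise case once
  }
  return entries;
}

async function hexDigest(algorithm, bytes) {
  const subtle = (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
  const digest = new Uint8Array(await subtle.digest(algorithm, bytes));
  return Array.from(digest, (b) => b.toString(16).padStart(2, '0')).join('');
}

async function verifyDownload(fileName, fileBytes, checksumText) {
  const expected = parseChecksumFile(checksumText).get(fileName);
  if (!expected) return { ok: false, reason: 'no entry for this file name' };
  const algorithm = ALGO_BY_HEX_LEN[expected.length];
  // A 32-character digest would be MD5, which Web Crypto does not provide.
  if (!algorithm) return { ok: false, reason: 'unsupported digest length' };
  const actual = await hexDigest(algorithm, fileBytes);
  return actual === expected
    ? { ok: true, algorithm }
    : { ok: false, algorithm, reason: 'digest mismatch', expected, actual };
}

// Constructed sample: the bytes "abc" and a checksum file with an uppercase digest.
const SAMPLE_FILE = new TextEncoder().encode('abc');
const SAMPLE_SUMS =
  'BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD  tool.iso\n';
```

A missing entry is reported separately from a mismatch, so a file renamed after download is not mistaken for a tampered one.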

What encoding is used for text hashing?

All text is processed using the universal character encoding standard (UTF-8), which supports all languages and special characters including emoji. If you are comparing a hash generated by another tool and the values don't match despite identical text, that other tool may be using a different character encoding. Check for invisible differences like trailing spaces or line breaks, which also affect the result.
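
When two tools disagree on the hash of "identical" text, the cause can usually be found before any hashing by comparing the strings and their bytes. This is an added example, not the tool's own code; the function names and sample strings are constructed for illustration, and UTF-16LE stands in for "a different character encoding".

```javascript
// Added example: locate the invisible difference between two strings.
// Each step is a normalization, applied cumulatively. A step is reported when
// it changes only one of the strings, or when applying it makes them equal.
const STEPS = [
  ['byte order mark (U+FEFF)', (s) => s.replace(/^\uFEFF/, '')],
  ['line endings (CRLF vs LF)', (s) => s.replace(/\r\n?/g, '\n')],
  ['trailing whitespace or final newline',
    (s) => s.replace(/[ \t]+$/gm, '').replace(/\n+$/, '')],
  ['Unicode normalization form (NFC vs NFD)', (s) => s.normalize('NFC')],
];

function diagnoseMismatch(a, b) {
  const reasons = [];
  let x = a, y = b;
  for (const [name, fn] of STEPS) {
    const nx = fn(x), ny = fn(y);
    const oneSided = (nx !== x) !== (ny !== y);
    const resolves = x !== y && nx === ny;
    if (oneSided || resolves) reasons.push(name);
    x = nx; y = ny;
  }
  if (x !== y) reasons.push('visible text differs');
  return reasons;
}

// The bytes that actually get hashed under two encodings of the same string.
const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join(' ');

function utf8Hex(s) { return hex(new TextEncoder().encode(s)); }

function utf16leHex(s) {
  const out = [];
  for (let i = 0; i < s.length; i++) {
    const unit = s.charCodeAt(i);      // one UTF-16 code unit
    out.push(unit & 0xff, unit >> 8);  // low byte first
  }
  return hex(out);
}

// Constructed samples: both render as "café".
const SAMPLE_A = 'caf\u00e9\n';  // precomposed é, trailing newline
const SAMPLE_B = 'cafe\u0301';   // e + combining acute accent, no newline
```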