Security Hash Generator

Hashing for Password Verification and File Integrity

1. Choose an input source. Paste text into the input box for short data, or drop a file onto the file-upload zone to hash an entire artifact (installer, ZIP, certificate).
2. Click "Generate Hashes". The tool reads the file as an ArrayBuffer (or encodes the text to UTF-8 bytes) and runs all four SHA-2 digests in parallel through crypto.subtle.digest().
3. Read the four output rows. Each shows one algorithm name plus the hex digest; the widths (40, 64, 96, 128 hex characters) correspond to 160, 256, 384, and 512 bits of output.
4. Toggle "Uppercase" to match the case convention of whichever external checksum you are comparing against. Most Linux distros publish lowercase; Microsoft and some older tools use uppercase.
5. Copy a digest by clicking the copy icon next to the line you want. Paste it into a diff tool or a terminal and compare byte-for-byte; eyeballing is unreliable past 16 characters.

Why This Page Is Not Just Another Hash Tool

This page is framed around security use: password verification, file-integrity attestation for signed downloads, and the primitives password-hashing schemes are built on. The implementation uses Web Crypto SubtleCrypto, constant-time for SHA-2 and free of side-channel leaks that plague hand-rolled JavaScript. File hashing reads the File via file.arrayBuffer() and passes the buffer to crypto.subtle.digest; a 500MB download takes about a second on a modern laptop. No bytes leave the tab - verified by absence of fetch calls. The four SHA-2 variants are in FIPS 180-4 and approved by NIST for digital signatures, HMAC, and key derivation. SHA-3 (FIPS 202) is not exposed because Web Crypto predates its standardization.

Threat-Model-Specific Scenarios

• Verifying that an Ubuntu ISO you downloaded matches the SHA-256 published on releases.ubuntu.com, defending against a poisoned mirror or a MITM on an HTTP mirror.
• Confirming a signed binary (macOS .dmg, Windows .msi, Linux .deb) matches the vendor\'s published SHA-256 before running it on a production server.
• Computing the digest input for a digital signature scheme - ECDSA and RSA-PSS both sign a hash, not raw data, and expect a SHA-256 or SHA-384 digest.
• Generating a stable file fingerprint for an audit log entry so you can prove later that a specific file existed at a specific time without storing the file itself.
• Building a Merkle tree for content-addressable storage, where each leaf is a SHA-256 of a chunk and the tree root commits to the whole file.
• Hashing a CSR or certificate body for a certificate transparency log entry, where SHA-256 is mandated by RFC 6962.

Why MD5 and SHA-1 Cannot Be Password Hashes

Every algorithm in this tool is a fast cryptographic hash - fast being the explicit design goal. A modern GPU can compute 10+ billion SHA-256 operations per second; an ASIC cluster mining Bitcoin computes 300+ exahashes per second globally. Fast is exactly wrong for password hashing. The LinkedIn 2012 incident is the textbook example: 6.5 million passwords were stored as raw unsalted SHA-1. Within 72 hours of the breach publication, crackers using the RockYou wordlist (32 million real passwords from the 2009 RockYou leak) and hashcat rule expansions had recovered over 90 percent of the passwords. The fix is not to pick a longer SHA variant - it is to switch to a deliberately slow password-hashing function. NIST SP 800-63B section 5.1.1.2 mandates PBKDF2, bcrypt, balloon, or Argon2 with per-user salt. Use the companion PBKDF2 tool on this site for correct password hashing; use this tool only when the goal is fast integrity digest, not credential storage.

The SHA-2 Family and What FIPS 180-4 Actually Says

FIPS 180-4 (Secure Hash Standard, August 2015) specifies SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. The Merkle-Damgard construction they share processes the input in fixed-size blocks (512 bits for SHA-1/224/256, 1024 bits for SHA-384/512) through a compression function built from a Davies-Meyer-style block cipher. The constants come from the fractional parts of cube roots of the first 64 primes, chosen for nothing-up-my-sleeve rigor. Collision resistance is bounded by the birthday attack at 2^(n/2) operations for an n-bit output, so SHA-256 gives 128-bit collision security and SHA-512 gives 256-bit. FIPS 202 (SHA-3, Keccak) offers the same security with a completely different construction as insurance. NSA Suite B used SHA-384 for TOP SECRET protection; FIPS 202 added SHAKE-128 and SHAKE-256 extendable-output functions useful for deterministic randomness extraction. Pick SHA-256 by default, SHA-384 or SHA-512 when you need extra margin or are matching a specification.

When a Platform Native Tool Is Better

For gigabyte-scale downloads, the OS-native tool wins: shasum -a 256 ubuntu.iso on macOS, sha256sum on Linux, Get-FileHash -Algorithm SHA256 on PowerShell. Those stream from disk and handle files larger than browser memory limits. This tool wins for cross-platform convenience or when the user has no terminal. For application code, use the language library (hashlib, node:crypto, java.security.MessageDigest) rather than shelling out. For password hashing, this tool is the wrong primitive - reach for Argon2id (OWASP 2024 recommendation), bcrypt, or PBKDF2 via the companion tools.