Hash Generator
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 for text or files — computed in your browser.
Hashes fingerprint data: verify a downloaded file against a published checksum, deduplicate content, generate cache keys, or confirm two configs are byte-identical. Type or paste text and every digest — MD5, SHA-1, SHA-256, SHA-384, SHA-512 — updates live; or drop a file to hash it whole.
The SHA family runs on the Web Crypto API and MD5 runs as a small self-tested implementation inside the page, so the data you hash is never uploaded — a real concern when checksumming installers, database dumps, or client deliverables. One honest note: MD5 and SHA-1 are fine for checksums and dedupe, but cryptographically broken for security purposes — use SHA-256 or stronger where tampering matters.
How to generate a hash
- 1
Choose Text or File input, then type your text or drop the file.
- 2
All digests are computed instantly — flip the uppercase toggle if your checksum source uses capitals.
- 3
Copy the hash you need with its row button and compare it to the published checksum.
Why use Nofolo’s hash generator?
Five algorithms at once
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 computed side by side, each with its own copy button.
Text and file input
Hash a string as you type, or drop a file — ISOs, zips, and exports up to around 100 MB.
Live hashing
Text digests recompute on every keystroke, so you can watch a single character change everything.
Uppercase toggle
Match the case of whichever checksum file or vendor page you are comparing against.
Checksum verification
Compare a computed digest with a published one to confirm a download is intact.
Nothing uploaded
Hashing runs locally via Web Crypto — private files never leave your device.
Frequently asked questions
How do I verify a downloaded file’s checksum?
Drop the file here, then compare the SHA-256 (or whichever algorithm the publisher lists) with the published value. If even one character differs, the file is not the one that was published.
Is my file uploaded to compute the hash?
No. The file is read locally and hashed in your browser with the Web Crypto API. Nothing is transmitted — safe for private documents, installers, and database dumps.
Should I use MD5 or SHA-256?
For integrity checks against accidental corruption, MD5 is fast and adequate. For anything security-related — signatures, tamper detection, passwords — MD5 and SHA-1 are broken; use SHA-256 or SHA-512.
Can a hash be reversed to recover the original data?
No — hashing is one-way. But identical input always produces the identical hash, so short guessable inputs (like passwords) can be brute-forced by trying candidates. That is why passwords need salted, slow algorithms like bcrypt, not plain MD5 or SHA.
Why do I get a different hash than expected for the same text?
Usually invisible differences: a trailing newline or space, Windows CRLF line endings, or a UTF-8 BOM. Hashes are byte-exact, so any of these changes the digest completely.
Related tools
Base64 Encode / Decode
Encode text or files to Base64 — and decode back — UTF-8 safe, with a URL-safe option.
UUID Generator
Generate cryptographically random UUID v4s — one or a thousand — with code-ready formatting.
Password Generator
Create strong random passwords and memorable passphrases — generated locally, never sent anywhere.
JWT Decoder
Decode a JWT’s header and payload, read the claims, and check expiry — without the token leaving your browser.