Hash Generator – MD5, SHA-256, bcrypt Online
Type or paste your text to generate cryptographic hashes instantly. All processing happens in your browser — nothing is sent to any server.
bcrypt uses a random salt each time, so the output changes on every generation. This is by design.
What Is a Hash Generator?
A hash generator is a tool that converts any input text into a fixed-length string of characters using a cryptographic algorithm. The output, called a hash or digest, is effectively unique to the input: even a single character change produces a completely different hash. Hash functions are one-way, meaning you cannot reverse the process to recover the original text from the hash alone.
This free online hash generator supports five digest algorithms (MD5, SHA-1, SHA-256, SHA-384, and SHA-512) plus bcrypt. All processing happens entirely in your browser, and your text is never sent to any server. It is safe to use with passwords, API keys, sensitive strings, or any private data.
How to Generate a Hash Online
- Type or paste your text into the input box above.
- MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes update instantly as you type.
- For a bcrypt hash, choose a cost factor and click Generate bcrypt Hash.
- Click Copy next to any hash to copy it to your clipboard.
MD5, SHA-256, SHA-512, and bcrypt – What's the Difference?
MD5 (128-bit)
MD5 produces a 32-character hex digest. It was widely used for checksums and file verification but is now considered cryptographically broken — collisions (two different inputs producing the same hash) can be found deliberately. Do not use MD5 for password storage or security-critical applications. It is still useful for non-security purposes like checksumming files to detect accidental corruption.
SHA-1 (160-bit)
SHA-1 produces a 40-character hex digest. Like MD5, it has been considered broken for cryptographic purposes since 2017, when Google demonstrated a practical collision. SHA-1 is still used in some legacy systems and version control (e.g., older Git commits), but should not be used for new security applications.
SHA-256 (256-bit)
SHA-256 produces a 64-character hex digest and is part of the SHA-2 family. It is the current standard for most security applications — used in TLS certificates, code signing, blockchain (Bitcoin), JWT tokens, and API request signing. SHA-256 has no known practical weaknesses. This is the algorithm to use for general-purpose hashing in 2025 and beyond.
SHA-512 (512-bit)
SHA-512 produces a 128-character hex digest. It is part of the same SHA-2 family as SHA-256 and provides a higher security margin. On 64-bit systems it can actually be faster than SHA-256. Used in high-security applications, server-side password hashing (combined with a salt), and cryptographic protocols requiring a larger output.
bcrypt
bcrypt is a password hashing function specifically designed for storing passwords securely. Unlike MD5 and SHA algorithms, bcrypt is intentionally slow — it includes a cost factor (rounds) that you can increase as hardware gets faster to keep brute-force attacks impractical. It also automatically generates and embeds a random salt, so two bcrypt hashes of the same password will always be different. bcrypt is the industry standard for server-side password storage in most web applications.
Understanding the bcrypt Cost Factor
The cost factor (also called rounds or work factor) controls how computationally expensive each bcrypt operation is. The number of internal iterations is 2^cost, so each increment doubles the computation time.
Frequently Asked Questions
What is an MD5 hash and how do I generate one online?
MD5 (Message Digest 5) is a hash function that produces a 128-bit (32-character hex) digest from any input. To generate one online, paste your text in the box above — the MD5 hash updates instantly. MD5 is useful for verifying file integrity (checksums) but should not be used for password storage since it is cryptographically broken.
How do I generate a SHA-256 hash online?
Paste or type your text in the box above — the SHA-256 hash appears instantly in the results. SHA-256 uses the browser's native Web Crypto API, so it is fast, accurate, and computed entirely on your device. SHA-256 is the most widely used hash algorithm today, used in TLS, JWT, code signing, and Bitcoin.
How do I generate a bcrypt password hash online?
Type your password in the input box, choose a cost factor (10 is recommended), and click Generate bcrypt Hash. Because bcrypt uses a random salt, clicking the button again will produce a different hash even for the same input — this is expected and correct behavior. Both hashes are valid representations of the same password.
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit digest and is cryptographically broken (practical collisions exist). SHA-256 produces a 256-bit digest and has no known weaknesses. For any security purpose — password hashing, data integrity in a trust model, API signing — always use SHA-256 or SHA-512. Use MD5 only for non-security checksums where speed matters and collision resistance is not required.
Can I use SHA-256 to store passwords?
Not directly. SHA-256 is fast, and fast hashing is bad for password storage because it makes brute-force attacks faster too. For passwords, use a slow algorithm: bcrypt, Argon2, or scrypt. These are designed specifically for password storage and include a salt and a configurable work factor. SHA-256 without a salt is particularly dangerous for passwords since it is trivially vulnerable to precomputed rainbow-table attacks.
What is a salt in hashing?
A salt is a random value added to the input before hashing. It ensures that two users with the same password produce different hashes, and defeats precomputed rainbow table attacks. bcrypt generates and stores the salt automatically as part of the hash output (the hash string itself contains the salt, the cost factor, and the digest). For SHA-256/SHA-512, you need to add a salt manually before hashing.
How do I generate a Laravel password hash?
Laravel uses bcrypt by default (via PHP's password_hash() function with PASSWORD_BCRYPT). You can use this tool to generate a compatible bcrypt hash online — select cost 10 (Laravel's default) and click Generate. To verify in Laravel: Hash::check('plain-text', $hashedValue) returns true if the password matches.
How do I create a PHP password hash online?
PHP's password_hash($password, PASSWORD_BCRYPT) produces a bcrypt hash compatible with this tool. Generate a bcrypt hash here with cost 10, and it will verify correctly against PHP's password_verify() function. Use PASSWORD_ARGON2ID for even stronger security in PHP 7.3+.
Is my text uploaded to a server?
No. All hashing — MD5, SHA-1, SHA-256, SHA-384, SHA-512, and bcrypt — runs entirely in your browser using JavaScript. Your input text never leaves your device and is never stored or logged anywhere.
Why does bcrypt produce a different hash each time?
bcrypt generates a fresh random 128-bit salt for every hash operation. The salt is embedded in the output string alongside the cost factor and digest. This means two hashes of the same password will look different but both correctly verify against that password. The function to verify is always bcrypt.compare(plaintext, hash) — never compare bcrypt hashes as plain strings.
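The bcrypt output string described above carries the cost factor, the salt and the digest in fixed positions. As an added example (not code from this tool; the function names `parseBcryptHash` and `needsRehash` and the sample string are assumptions of the example), this parser splits a stored hash into those parts and flags hashes whose cost is below a chosen minimum:

```javascript
// bcrypt string layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_B64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Decode bcrypt's unpadded base64 variant (it uses its own alphabet) into bytes.
function bcryptBase64Decode(text) {
  const bytes = [];
  let buffer = 0, bits = 0;
  for (const ch of text) {
    const value = BCRYPT_B64.indexOf(ch);
    if (value < 0) throw new Error('invalid bcrypt base64 character: ' + ch);
    buffer = (buffer << 6) | value;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((buffer >> bits) & 0xff);
      buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Uint8Array.from(bytes);
}

// Returns the embedded fields, or null if the string is not a bcrypt hash.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // cost range bcrypt accepts
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost,             // each +1 in cost doubles the work
    salt: bcryptBase64Decode(m[3]),    // 22 chars decode to 16 bytes (128 bits)
    digest: m[4],
  };
}

// Hypothetical policy check: true when a stored value should be re-hashed at
// next login (not bcrypt at all, or cost below the current minimum).
function needsRehash(hash, minCost) {
  const parsed = parseBcryptHash(hash);
  return parsed === null || parsed.cost < minCost;
}

// Sample value in bcrypt format, embedded only to exercise the parser.
const SAMPLE = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';
```

The parser only reads the fields; checking a password against the hash still requires the bcrypt compare function, which re-runs the algorithm with the embedded salt and cost.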
What is SHA-512 used for?
SHA-512 is used in high-security environments where a larger output is needed: TLS certificates, code signing on sensitive software, cryptographic key derivation, and database-side password hashing (combined with a salt). It is part of the SHA-2 family and has no known practical weaknesses. On 64-bit CPUs it is often faster than SHA-256 due to its internal 64-bit word operations.
Can I use this as an all-hash generator?
Yes. This tool generates hashes with five algorithms simultaneously (MD5, SHA-1, SHA-256, SHA-384, and SHA-512), all updating live as you type. bcrypt is generated on demand via the button. You can copy any individual hash with the Copy button next to it.