Verifying a downloaded ISO
Use SHA-256 against the publisher's checksum. If even one byte was tampered with, the digests differ. MD5 and SHA-1 are fine for accidental corruption but do not use them against an attacker.
Hash Generator
Calculate MD5, SHA-1, SHA-256, SHA-384, SHA-512, and CRC32 hashes from text or files, directly in your browser. Nothing is ever uploaded.
No. All hashing happens entirely in your browser via JavaScript and the Web Crypto API. No network requests are made when you enter text or select a file. You can verify this in the browser's Network tab.
For file integrity (checksum) use MD5 or SHA-256 — both are fine for non-security use. For security (password hashing, signatures) use SHA-256 or SHA-512, never MD5 or SHA-1 (both are broken for collision resistance). CRC32 is only useful for detecting accidental data corruption, not for security.
0 chars · 0 bytes
Drop a file here, or click to browse
Any file type. Works with large files (chunked reading).
Algorithms
|
Tip: hashes are computed live as you type. Uncheck algorithms you don't need for faster file hashing.
Why Hash Generator?
Fast, private, and covers every common hash algorithm.
Privacy by design
All hashing happens in your browser. Your text and files are never transmitted, stored, or logged anywhere.
Six algorithms at once
MD5, SHA-1, SHA-256, SHA-384, SHA-512, and CRC32 — see them all simultaneously, or pick only the ones you need.
File hashing
Drop any file (including multi-GB files) and get all hashes with a live progress bar. Chunked reading keeps memory low.
25 languages
Available in 25 languages with automatic browser detection. RTL support for Arabic, Persian and Urdu.
Live output
Hashes update as you type (with a short debounce). One-click copy for each result. Uppercase/lowercase toggle.
Web Crypto API
Uses the browser's native Web Crypto API for SHA hashes — the same implementation browsers use for TLS and subresource integrity.
How the hash generator works
Web Crypto API for SHA family, streaming for large files.
-
1
Drop a file or paste text
For text input we encode it to UTF-8 bytes via
TextEncoder. For files, we read them withFile.arrayBufferfor small files or stream them throughTransformStreamfor files larger than ~100 MB. -
2
Web Crypto handles the math
crypto.subtle.digest('SHA-256', bytes)computes the hash using the browser's hardware-accelerated implementation. This is the same algorithm OpenSSL uses, just run inside the V8 / JavaScriptCore sandbox. SHA-1, SHA-384, SHA-512 work the same way. -
3
MD5 and CRC32 via WebAssembly
MD5 and CRC32 aren't in Web Crypto (because both are cryptographically broken or not cryptographic). We ship tiny WASM implementations (~5 KB each) that compute them with the same streaming pattern.
-
4
Display all 6 hashes
Results are shown in hex format with a one-click copy button next to each. We also offer Base64 output for the SHA family — common when comparing against AWS S3 ETags or HTTP
Content-Digestheaders.
When to reach for which hash
Hashing has many uses — choose the right algorithm for the job.
Deduplicating files
Hash a set of photos with SHA-1 (or even MD5 if speed matters more than collision resistance). Identical hashes mean identical bytes — useful for cleaning duplicate uploads.
Generating ETag values
AWS S3 uses MD5 for single-part objects and a different scheme for multipart. iKit gives you the raw MD5 instantly, so you can verify whether your local file matches what S3 has.
Confirming a backup
Hash the original and the backup with SHA-256 separately, compare the two strings. Same hash = identical content. Different hash = the backup is corrupted or out of date.
Why local hashing matters
Some online hashers upload your file just to compute a checksum — exactly the wrong way around for a privacy-sensitive operation. iKit's hash generator computes everything in the browser using Web Crypto, so even confidential or private files are hashed without ever leaving your machine.
- Hardware-accelerated SHA via Web Crypto API.
- Streams large files in 64 KB chunks — no upload, no memory blow-up.
- No file metadata, no IP-linked log, no signup.
Related guides
Deep-dive tutorials and tool comparisons from the iKit blog.
-
How to Verify File Integrity with MD5 / SHA-256 Checksums
Compare a downloaded file's checksum against the publisher's — entirely in your browser.
-
How to Encode and Decode Base64 — With Real Examples
Hash digests are often Base64-encoded for transport; the same encoding shows up in many other places.
Frequently Asked Questions
Is my input sent to any server?
No. All hashing happens entirely in your browser via JavaScript and the Web Crypto API. No network requests are made when you enter text or select a file. You can verify this in the browser's Network tab.
Which algorithms should I use?
For file integrity (checksum) use MD5 or SHA-256 — both are fine for non-security use. For security (password hashing, signatures) use SHA-256 or SHA-512, never MD5 or SHA-1 (both are broken for collision resistance). CRC32 is only useful for detecting accidental data corruption, not for security.
Are MD5 and SHA-1 safe to use?
For file checksums and integrity verification against accidental corruption, yes — MD5 and SHA-1 are still commonly used (e.g., on download pages). For security-critical purposes (passwords, signatures, certificates), no — both have known collision attacks. Use SHA-256 or higher for anything security-sensitive.
Can I hash large files?
Yes. Files are read in 2 MB chunks with live progress. MD5 and CRC32 are processed fully incrementally (constant memory). SHA hashes require loading the file into memory due to Web Crypto API limitations, so files above ~2 GB may not work on all browsers.
Why do MD5 and SHA-256 produce different length outputs?
Each algorithm outputs a fixed-size digest: MD5 = 128 bits (32 hex), SHA-1 = 160 bits (40 hex), SHA-256 = 256 bits (64 hex), SHA-384 = 384 bits (96 hex), SHA-512 = 512 bits (128 hex), CRC32 = 32 bits (8 hex).