Hash & HMAC Generator

Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes and HMAC signatures. All computation runs in your browser.

SHA-1/256/384/512 use the native Web Crypto API. MD5 is computed in pure JavaScript. No data leaves your browser.

About This Tool

This tool computes cryptographic hash digests and HMAC signatures directly in your browser using the Web Crypto API. Supported algorithms include MD5, SHA-1, SHA-256, SHA-384, and SHA-512. MD5 and SHA-1 are legacy algorithms useful for checksums and file verification; for security-critical applications always use SHA-256 or higher. HMAC (Hash-based Message Authentication Code) uses a secret key alongside the hash to verify both data integrity and authenticity commonly used in API signatures and JWT tokens.

How to Use

  1. Type or paste your text into the input field.
  2. Select the hash algorithm from the dropdown (SHA-256 recommended for most uses).
  3. For HMAC, enable the HMAC toggle and enter your secret key.
  4. The hash updates in real time copy the hex digest with one click.

Frequently Asked Questions

What is the difference between SHA-256 and MD5?

SHA-256 produces a 256-bit digest and is cryptographically secure. MD5 produces a 128-bit digest and has known collision vulnerabilities meaning two different inputs can produce the same hash. Use MD5 only for non-security purposes like checksums. Use SHA-256 or SHA-512 for passwords, digital signatures, and integrity verification.

What is HMAC used for?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a signature. It's widely used in API authentication (HMAC-SHA256 for AWS signatures), webhook verification, and JWT (JSON Web Token) signing to ensure a message hasn't been tampered with.

Is my data sent to a server?

No. All hashing runs in your browser via the Web Crypto API. Your input text and HMAC keys are never transmitted anywhere. The page works fully offline once loaded.