Elofyn

//Tools  ·  /tools/hash/about

← Back to the tool

About cryptographic hashes.

A practical explainer for anyone who has copied a checksum out of a release-notes page, paged through a SHA256SUMS file, or wondered why MD5 still ships in the box despite being broken for two decades.

1. What this tool does

The Hash Generator computes three live hex digests — SHA-256, SHA-1, and MD5 — over the UTF-8 bytes of whatever text sits in its input box. The empty box is not a blank canvas: each row starts pre-filled with the canonical digest of the zero-byte input, because the hash of nothing is a real, defined value and you should be able to recognize it on sight. The optional expected-hash field auto-detects the algorithm from the length of the pasted digest and flips the matching row to match or no match, so a published checksum becomes a one-paste verification.

2. What a cryptographic hash function is

A cryptographic hash function is a deterministic, one-way map from an arbitrary-length sequence of input bytes to a fixed-length sequence of output bytes — a fingerprint. For a function to be cryptographically useful, two properties matter:preimage resistance (given a digest, an attacker cannot feasibly recover an input that produces it) and collision resistance (an attacker cannot feasibly find two distinct inputs that produce the same digest). A third property the math falls out of, sometimes called the avalanche effect, is that flipping a single bit of the input should flip roughly half of the bits of the output — making any tampering loud rather than subtle.

Digests are bytes, but humans read text, so they are almost always displayed in hexadecimal (base-16, two characters per byte). The published checksums you see in SHA256SUMS files, GPG signatures, JWT thumbprints, Git object IDs, and OS release notes are all hex strings. This tool renders the same hex format — ungrouped, lowercase by default — so the digests line up with everything else you copy and paste.

3. A brief, honest history

MD5 was designed by Ronald Rivest at MIT and published as IETF RFC 1321 in April 1992 as the successor to MD4. Its output is 128 bits (32 hex characters). It was the default checksum hash for most of the 1990s and most of the 2000s. Collision attacks were demonstrated by Wang, Feng, Lai, and Yu at EUROCRYPT 2004 (“How to Break MD5 and Other Hash Functions”) and improved to seconds-on-a-laptop by 2007. Today MD5’s collision resistance is fully broken, while its preimage resistance still holds. It remains acceptable only for non-adversarial integrity checks — verifying a file against a checksum you trust the source of end-to-end, for example.

SHA-1was designed by the NSA and published by NIST as FIPS PUB 180-1 in 1995. Its output is 160 bits (40 hex characters). Theoretical collision attacks accumulated through the 2000s and 2010s, and a real, demonstrated collision arrived in February 2017 when Stevens, Bursztein, Karpman, Albertini, and Markov (the “SHAttered” team) produced two distinct PDF files with the same SHA-1 digest. Every major browser and operating-system vendor deprecated SHA-1 for signatures by the end of 2017. It is still safe inside HMAC, still in legacy protocols (notably Git object IDs, until SHA-256-aware Git mode rolls out broadly), and is no longer a defensible choice for new adversarial cryptography.

SHA-256 is part of the SHA-2 family, designed by the NSA and published by NIST as FIPS PUB 180-2 in August 2002, refined through FIPS PUB 180-4 in August 2015. Its output is 256 bits (64 hex characters). No collision has ever been demonstrated; the best-known attacks are well short of a brute-force win. It is the modern default — TLS 1.3 certificate hashes, JWT HS256 / RS256 / ES256, Bitcoin block headers, Git’s SHA-256 mode, GPG, Apple software updates, Linux distro release manifests. When in doubt, this is the one to reach for.

4. The technical principles in three short paragraphs

Merkle–Damgård construction.MD5, SHA-1, and the SHA-2 family all use the same skeleton: split the input into fixed-size blocks (512 bits for these three), pad the last block so its length encodes the original message size, then iteratively fold each block into a fixed-size internal state via a compression function. The final state is the digest. MD5’s internal state is 128 bits, SHA-1’s is 160, and SHA-256’s is 256, which is why their outputs are the sizes they are.

Why UTF-8 matters here. A hash function eats bytes, not characters. The string “naïve” encodes as 6 bytes in UTF-8 but only 5 bytes in Latin-1 — same characters, different bytes, different digest. This tool standardizes on UTF-8 (the modern web default and the encoding that echo -n uses in any UTF-8 locale) so that what you see in the browser matches what echo -n "naïve" | sha256sum produces in a terminal. The mono caption under the input shows the encoded byte count, not the JavaScript character count, so the math is always visible.

Why SubtleCrypto is async. The W3C Web Cryptography API was designed so implementations may run digest work off the main thread; the spec therefore returns a Promise<ArrayBuffer> even when the underlying engine could resolve synchronously. For typical text inputs the wall-clock cost is well under a millisecond, but the API contract is asynchronous and this tool honors it with a per-row computing… state so the UI never lies about whether a result is in.

5. Common use cases

Verifying a downloaded artifact against a published SHA256SUMS file or a release-notes line item. Sanity-checking that two payloads encode the exact same bytes — for instance, a request body and its echoed version in a log line — when you suspect middleware is rewriting them. Deriving a stable cache key from a piece of content for a CDN, a build artifact, or a memoized computation. Building a content-addressed identifier where the identity of a blob is literally its digest. Inspecting the hash internals of a JWT (the inputs to HS256) or a signature. Generating quick fingerprints for CTF challenges. Confirming what md5(uuid) looks like when chasing down a legacy ID-generation scheme.

6. Anti-patterns

Hashing a password directly. Plain SHA-256 of a password is brute-forceable in microseconds on a modern GPU and offers essentially no protection against a leaked database. Use a memory-hard, deliberately slow key-derivation function — Argon2, scrypt, or bcrypt — none of which is what this tool computes. Treating MD5 or SHA-1 as collision-resistant against an adversary.Don’t sign anything with them, don’t use them as cryptographic commitments in a protocol where a counterparty has incentive to forge. Hashing without naming an encoding. hash("hello") is ambiguous; the right phrasing is “the SHA-256 digest of the UTF-8 bytes of the string hello.” Using a hash as encryption. Hashes are one-way and not reversible — they are not, and never were, a substitute for a cipher.

7. How to choose between SHA-256, SHA-1, and MD5

For any adversarial setting — signatures, commitments, content authentication where a counterparty might forge — pick SHA-256 (or, if you have the option, SHA-512 or BLAKE3; this tool doesn’t expose them). For HMAC with a strong secret, all three are technically acceptable because HMAC is robust even with a weakened hash, but SHA-256 is the preferred default for any new code path. For a pure file-integrity check where you trust the publisher end-to-end and the only attacker is corruption or transcription error, MD5 and SHA-1 are fine and slightly faster than SHA-256 — though in practice most published checksum files are SHA-256 anyway, so reach for it first and fall back only when you have to. The match / no-match pills in this tool exist exactly for that verify workflow: paste your text, paste the published digest, read the pill.

8. References

  1. Rivest, R. (April 1992). The MD5 Message-Digest Algorithm. IETF RFC 1321. rfc-editor.org/rfc/rfc1321
  2. National Institute of Standards and Technology (August 2015). Secure Hash Standard (SHS). FIPS PUB 180-4. nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

Related tools

  • JWT Decoder HS256 / RS256 / ES256 are SHA-256 under the hood; the same byte-digest mental model.
  • UUID Generator — UUID-v5 is literally SHA-1 of (namespace UUID + name) bytes; UUID-v4 is random.
  • Password Generator — sibling crypto-flavored tool; common pairing when bootstrapping credentials and their fingerprints.
  • Base64 / URL / HTML Encoder–Decoder — digests are often transported base64-encoded (e.g. JWT signatures, integrity hashes); the encoder closes the loop.
  • Number Base Converter — round-trip a hex digest into binary, decimal, or octal when you need a non-hex view.