Loading...
Generate SHA-256 and SHA-512 hashes. Auto-computes as you type. Your data never leaves your browser.
Text Input
SHA-256(64 chars)
SHA-512(128 chars)
Pro tip
Hardcoded secrets committed to your repo? Git AutoReview detects API keys, tokens, and credentials in PRs before they reach production.
Type or paste text into the input and SHA-256 and SHA-512 hashes compute automatically — no button needed. Toggle between Hex and Base64 encoding using the button above. Press Ctrl+Shift+C to copy the SHA-256 hash directly.
SHA-256 is the right default for most work: TLS certificates, file checksums, HMAC signatures, API request signing, Bitcoin. It gives you a 64-character hex output. SHA-512 doubles that to 128 characters, is harder to brute-force, and is actually faster on 64-bit CPUs because it processes data in 64-bit words internally. Reach for SHA-512 when deriving keys with PBKDF2 or when you specifically need extra margin against preimage attacks.
Hex is longer but readable — two characters per byte, easy to compare in a diff. Base64 is shorter and shows up in HTTP headers, JWT signatures, and anywhere a binary-safe format is needed. Default to Hex unless you specifically need compact output.
SHA-256 is one-way: no algorithm reverses it. For passwords specifically, use bcrypt or Argon2 — not SHA-256. SHA-256 is too fast, which makes brute-force cheap. Bcrypt at cost 12 takes ~300ms per guess; SHA-256 takes microseconds.
Hashing runs entirely in your browser via the Web Crypto API (crypto.subtle.digest). No network requests, no server involved. Open DevTools Network tab while typing and you will see nothing leave your machine.
The tool auto-computes as you type. Press Ctrl+Shift+C (Cmd+Shift+C on Mac) to copy the SHA-256 hash.
Think of it as a fingerprint with a superpower: feed a gigabyte of data into SHA-256 and you always get the same 64-character hex string back. Change a single byte anywhere in the input and the output flips completely and unpredictably — that property is called the avalanche effect, and it is what makes hashes useful for integrity checks. No two distinct inputs should ever produce the same output, which is the whole point.
SHA-256 is the right default for most work: TLS certificates, file checksums, HMAC signatures, API request signing, Bitcoin. SHA-512 doubles the output to 128 hex characters, which is harder to brute-force and actually faster on 64-bit CPUs because it uses 64-bit arithmetic internally. Reach for SHA-512 when you need extra margin against length-extension attacks or are deriving keys with PBKDF2.
MD5 has been broken since the early 2000s. You can produce two inputs with identical MD5 hashes in seconds on a laptop — which is the one property a hash function must never allow. The browser Web Crypto API omits it deliberately. We kept the same line: including a broken algorithm with a warning label is worse than not including it.
No. The math runs in one direction only, and there is no inverse function. Attackers get around this for weak inputs by pre-computing hashes for millions of common passwords and checking if yours matches — that is a rainbow table attack. Bcrypt, Argon2, and scrypt defeat it by being deliberately slow and memory-intensive: bcrypt at cost 12 takes around 300ms per attempt, which turns a brute-force attack from hours into decades.
File integrity verification is the most common one: hash the download, compare it to the published checksum. Beyond that: HMAC-SHA256 for API request signing, git commit IDs, TLS certificate fingerprints, and storage deduplication. One thing SHA-256 is not suitable for is direct password storage — it is too fast, which makes brute-force cheap. Use bcrypt or Argon2 for passwords.
We run the hashing client-side using SubtleCrypto, so your text never leaves the browser. Open DevTools Network tab while using the tool and you will see nothing going out. For genuinely sensitive material, hash it inside your own codebase where you control the environment.
The tool auto-computes as you type. Ctrl+Shift+C (Cmd+Shift+C on Mac) copies the SHA-256 hash to clipboard.
Developer Toolkit by Git AutoReview
Free tools for developers. AI code review for teams.