Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text — in your browser, nothing uploaded.

Text to hash

SHA hashes computed in your browser via the Web Crypto API — nothing is uploaded. (MD5 coming soon.)

Free to use — premium coming soon

FREE

✓ SHA-1/256/384/512
✓ Instant
✓ 100% private

PREMIUM

★ Remove ads
★ MD5 & file hashing

About the Hash Generator

The Hash Generator turns any text you type into a fixed-length cryptographic digest using the SHA family of algorithms: SHA-1, SHA-256, SHA-384, and SHA-512. A hash is a one-way fingerprint of your input. The same text always produces the same digest, but the digest can never be reversed back into the original text. Because the output is a fixed size no matter how much you feed in, hashing a single word and hashing an entire paragraph both produce a string of the same length. SHA-256, for example, always returns 64 hexadecimal characters whether the input is one letter or a thousand lines.

Reach for this tool when you need to fingerprint, verify, or compare data rather than encrypt it. Common uses include generating a checksum to confirm a copied or downloaded snippet has not changed, comparing two pieces of text to see whether they are byte-for-byte identical, producing test fixtures for code, or sanity-checking a hash value you found elsewhere. It is also handy for learning: paste a string, change a single character, and watch the entire digest transform. That sensitivity is the avalanche effect, and it is exactly why hashes are reliable for detecting even the smallest tampering or corruption.

Each algorithm differs mainly in digest length and internal design. SHA-1 produces 160 bits (40 hex characters), SHA-256 produces 256 bits (64 hex characters), SHA-384 produces 384, and SHA-512 produces 512 bits (128 hex characters). SHA-256 works on 32-bit words and 512-bit blocks, while SHA-384 and SHA-512 use 64-bit words and 1024-bit blocks, which can be faster on modern 64-bit machines. SHA-384 is essentially SHA-512 truncated with a different starting value. A longer digest leaves less room for two different inputs to collide, which is one reason SHA-256 and above are the modern defaults.

Everything here runs entirely in your browser, so the text you paste is hashed locally and never uploaded to a server. That makes the tool safe for sensitive snippets and instant to use offline once the page has loaded. One accuracy note worth understanding: a hash is not encryption and offers no secrecy on its own. Anyone can compute the same digest from the same input, and short or predictable inputs can be guessed by brute force. Hashes are excellent for integrity and comparison, but for protecting stored passwords you should use a purpose-built, salted password-hashing scheme rather than a raw SHA digest.

Frequently asked questions

Can a SHA hash be reversed back into the original text?

No. SHA hashing is a one-way function, so there is no mathematical operation that turns a digest back into its input. The only way to find the original is to hash candidate inputs and look for a match, which is why short or common strings can still be guessed.

Which SHA algorithm should I use?

For new work, use SHA-256 or higher. SHA-256 is the widely accepted default and is used in TLS, SSH, and Bitcoin, while SHA-384 and SHA-512 add a longer digest and can run faster on 64-bit systems. Avoid SHA-1 for anything security related.

Why is SHA-1 considered insecure?

In February 2017, researchers from Google and CWI Amsterdam ran the SHAttered attack, producing two different PDF files with the same SHA-1 digest. NIST formally retired SHA-1 in December 2022 and set a deadline of December 31, 2030 to phase it out, recommending SHA-2 or SHA-3 instead.

Will the same text always give the same hash?

Yes, for a given algorithm. Hash functions are deterministic, so identical input always yields an identical digest. Even a single changed character, including an extra space or a different letter case, produces a completely different result thanks to the avalanche effect.

Is it safe to paste private text into this tool?

Yes. The hashing happens entirely in your browser using the Web Crypto API, so your text is never sent to a server. That said, treat the resulting hash as non-secret, since anyone with the same input can reproduce it.

From our blog

XML to JSON: A Practical Guide to the Mapping That Trips People Up

By the Super Simple Digital Tools Team · Updated June 2026

XML and JSON both describe structured data, but they were designed for different worlds. XML grew up around documents: it has namespaces, schemas, mixed content (text and tags woven together), comments, and a strict notion of element order. JSON grew up around data interchange for the web: objects, arrays, strings, numbers, booleans, and null, with no attributes, comments, or namespaces. Converting from one to the other is less a translation and more a projection. You are taking a richer document model and flattening it into a leaner data model, and understanding what gets lost in that projection is the key to using the result confidently.

The first thing every converter must solve is attributes. In XML, <product sku="A1">Widget</product> carries both an attribute and text. JSON has only properties, so the attribute has to become a property too. The common solution is to prefix attribute keys so they cannot clash with child element names, most often with @, and to park the element's own text under a separate key. The BadgerFish convention formalises this with @ for attributes and $ for text content, which is verbose but loses very little. Simpler conventions read better but may discard the distinction between an attribute and a child element.

The second classic problem is arrays. XML does not have an array type, it just lets you repeat a tag. So <tags><tag>a</tag><tag>b</tag></tags> clearly should become a list, but <tags><tag>a</tag></tags> is ambiguous: is tag a single value or a list of one? Converters guess, and different tools guess differently. This is the single most common cause of bugs after conversion, because code that expects an array gets an object, or vice versa. The defensive fix is to coerce the field to an array in your own code before iterating, regardless of how the converter rendered it.

Then there is everything JSON simply cannot hold. Comments and processing instructions vanish. The XML declaration is dropped. Namespaces are usually reduced to local names, so the prefix information is gone. Mixed content, where text and child elements interleave inside one element, is awkward to model and is often serialised as a single string. None of this means the conversion is wrong, it means the conversion is lossy by design. If you need a perfect round trip back to the original XML byte-for-byte, JSON is the wrong intermediate format and you should keep the XML.

In practice the workflow is straightforward: get your XML from the SOAP response, RSS feed, or config file, paste it in, and read the JSON output. Then inspect the structure before wiring it into code, paying special attention to which fields became arrays and how attributes were prefixed. Because the conversion runs in your browser, you can do this with private payloads without sending them anywhere. Once you know the shape, parsing the JSON in JavaScript, Python, or any other language is trivial compared with walking an XML tree by hand, which is the whole point of converting in the first place.

Before coding against the output, scan for fields that became arrays versus single objects, and normalise repeated elements to arrays yourself so a one-item case does not break your loop.
Expect attributes to appear with a prefix such as @ in the JSON; reference them by that exact key rather than assuming they merged into the element.
If you rely on comments, the XML declaration, or strict element order, keep the original XML, since conversion to JSON discards all three.
For SOAP or namespaced documents, remember keys are usually shortened to local names (soap:Body becomes Body), so target the simplified key in your code.

Read the full guide →

Tool by the Super Simple Digital Tools Team. Reviewed by our editorial team. Free to use, no signup required.