# Hash Generator (SHA-1/256/384/512)

> Compute SHA-1, SHA-256, SHA-384, and SHA-512 digests of any text, shown as hex and Base64, using the browser's native Web Crypto. Runs entirely in your browser.

- Tool: https://ronutz.com/en/tools/hash
- Family: Hashing & crypto

---

## What it does

Type text and get its SHA-1, SHA-256, SHA-384, and SHA-512 digests, each shown as hexadecimal and as Base64. The hashing is done by the browser's native Web Crypto (`crypto.subtle.digest`), not a bundled implementation, so the values match what any conformant platform produces. All four digests are computed at once, so switching which one you view never recomputes. Everything happens in your browser.

## What a cryptographic hash is

A cryptographic hash maps input of any length to a fixed-length digest, with a few defining properties: it is deterministic (the same input always gives the same digest), one-way (you cannot recover the input from the digest), and collision-resistant (it is infeasible to find two inputs with the same digest). Changing a single bit of input changes about half the output bits, so a digest reveals nothing about how similar two inputs are. The input here is hashed as its UTF-8 bytes.

## The four algorithms

All four are defined in FIPS 180-4, with reference code and test vectors also in RFC 6234. They differ in digest size:

- **SHA-1** produces 160 bits (40 hex characters). It is still widely seen but is broken for collision resistance, so it should not be used where an attacker could craft the inputs; it remains fine for checksums and for verifying against legacy systems.
- **SHA-256** produces 256 bits (64 hex characters) and is the modern default.
- **SHA-384** produces 384 bits (96 hex characters).
- **SHA-512** produces 512 bits (128 hex characters).

## Hex and Base64

The digest is a sequence of bytes; hex and Base64 are just two ways to write those same bytes. Hex uses two characters per byte and is the common form in most tools; Base64 is more compact and is what appears in places like Subresource Integrity attributes.

## Worked example

- The SHA-256 of `abc` is `ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad`, the standard test vector from the SHA specification.

## Using it

Type or paste text and read the four digests. Because a hash is one-way, this tool cannot turn a digest back into its input; recovering an input is only feasible when it had very little entropy, which the Hash Preimage Finder demonstrates.

## Standards and references

- [FIPS 180-4 - Secure Hash Standard (SHA-1/256/384/512)](https://csrc.nist.gov/pubs/fips/180-4/upd1/final) - definitions of the SHA family
- [RFC 6234 - US Secure Hash Algorithms](https://www.rfc-editor.org/rfc/rfc6234) - SHA + HMAC reference and test vectors

## Related reading

- [Choosing a hash: MD5, SHA-1, SHA-2, SHA-3, and BLAKE](https://ronutz.com/en/learn/hash-function-families.md): Which hash functions are still safe, which are broken, what their output sizes are, and how to pick the right one.
- [Collisions, preimage resistance, and the birthday bound](https://ronutz.com/en/learn/hash-collisions.md): The three security properties a cryptographic hash must have, why collisions matter, and the birthday math that sets the real strength.
- [Cryptographic hashing: SHA-256 and the SHA-2 family](https://ronutz.com/en/learn/hashing.md): What a hash function guarantees, the properties that make it cryptographic, and why a digest is not encryption.
- [Hashing, encryption, and encoding: three different things](https://ronutz.com/en/learn/hashing-encryption-encoding.md): Three operations that get constantly confused, separated cleanly by two questions: is it reversible, and does it need a key?
- [Storing passwords: bcrypt, scrypt, and Argon2](https://ronutz.com/en/learn/password-hashing.md): Why a fast hash like SHA-256 is the wrong tool for passwords, and what salting and work factors actually do.
