SHA Hash Generator
Compute SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text.
Overview
The SHA hash generator computes SHA-1, SHA-256, SHA-384, and SHA-512 digests of any text or byte input. Paste a string and the tool returns all four hex digests side by side, so you can match whichever algorithm the receiving system expects.
It is the daily-use tool for verifying file checksums, generating Git object IDs, comparing API request signatures, and producing test vectors. A SHA-256 hash generator online also helps when you are confirming that two implementations — Python's hashlib, OpenSSL, your own code — agree on what a hash of a particular byte stream should be.
How it works
The SHA-2 family, standardised by NIST in FIPS 180-4, is a set of Merkle–Damgård hashes built on a common compression function with different word sizes and block lengths. SHA-1 (now deprecated for security but still common for non-cryptographic IDs) produces a 160-bit digest over 512-bit blocks. SHA-256 produces 256 bits over 512-bit blocks using 32-bit words; SHA-512 produces 512 bits over 1024-bit blocks using 64-bit words; SHA-384 is SHA-512 truncated to 384 bits with different IVs. All four pad the message to a multiple of the block size with a 0x80 byte, zero bytes, and a 64- or 128-bit length suffix, then iterate the compression function block by block.
SHA-1 is broken for collision resistance (Google's SHAttered demonstrated a real-world collision in 2017). SHA-2 remains unbroken and is the workhorse of TLS, Git, signatures, and HMACs.
Examples
Input: "" (empty)
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Input: "abc"
SHA-256: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
Input: "The quick brown fox jumps over the lazy dog"
SHA-1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
SHA-256: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592
FAQ
Which algorithm should I use?
SHA-256 is the safe default — fast, ubiquitous, no known weaknesses. Use SHA-384 or SHA-512 when matching a system that requires them. Use SHA-1 only when verifying against a legacy value; never for new designs.
Is SHA-1 broken?
Collision resistance is broken — given enough compute, attackers can produce two different inputs with the same SHA-1. Pre-image resistance (finding an input for a given hash) is still strong, so HMAC-SHA-1 and Git's content-addressed storage remain practically safe.
Is SHA-256 quantum-safe?
Grover's algorithm halves the effective security of any hash, so SHA-256 offers ~128 bits against a hypothetical large quantum computer (versus 256 classically). That is still comfortable, but post-quantum hash recommendations point to SHA-384+.
Why do file checksums sometimes mismatch?
Two common reasons: different line-ending normalisation (CRLF vs LF), and accidentally hashing the file URL or filename instead of its contents. Hash the raw bytes; do not let a text editor "fix" them first.