What Is Hashing?
Hashing is a mathematical process that converts any input — a word, a file, a database record — into a fixed-length output called a digest or hash. The transformation is deterministic (same input always yields same output) but practically irreversible (you cannot reconstruct the input from the hash).
This one-way property distinguishes hashing from encryption. Encryption is reversible with the right key; hashing is not. This makes hashes ideal for verifying data integrity and storing credentials without exposing the originals.
How Hash Functions Work
A good cryptographic hash function satisfies three properties:
- Deterministic — The same input always produces the same hash.
- Avalanche Effect — A tiny change in input (even one bit) completely changes the hash.
- Collision Resistant — It should be computationally infeasible to find two different inputs with the same hash.
Example of the avalanche effect with SHA-256:
Input: "hello"
SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Input: "hellp"
SHA-256: ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4b51d12bed36a0f21b3c3e1a8
Despite differing by only one character, the hashes are completely different.
Popular Hashing Algorithms Compared
| Algorithm | Output Size | Speed | Security Status |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | Very fast | Broken — do not use for security |
| SHA-1 | 160 bits (40 hex) | Fast | Deprecated — collision attacks exist |
| SHA-256 | 256 bits (64 hex) | Fast | ✅ Widely used, recommended |
| SHA-512 | 512 bits (128 hex) | Moderate | ✅ Strong, good for file integrity |
| SHA-3 | Variable | Moderate | ✅ Modern standard, NIST approved |
| BLAKE2 | Variable | Very fast | ✅ Faster than SHA-256, highly secure |
MD5 and SHA-1 are no longer considered cryptographically secure for sensitive operations — researchers have demonstrated practical collision attacks. However, they're still used for non-security checksums (file deduplication, cache keys) where collision resistance isn't critical.
Practical Uses of Hashing
1. File Integrity Verification
When you download software, the provider often publishes a SHA-256 checksum. After downloading, you compute the hash locally and compare. If they match, the file hasn't been tampered with in transit.
2. Password Storage
Modern systems never store passwords in plain text. Instead, they store a hash (ideally with bcrypt, Argon2, or scrypt rather than plain SHA). When a user logs in, the entered password is hashed and compared against the stored hash.
3. Digital Signatures
To sign a document digitally, you hash the document and then encrypt the hash with your private key. Recipients can decrypt the signature with your public key and verify it matches their locally computed hash.
4. Deduplication and Cache Keys
Content-addressable storage systems (like Git) identify objects by their hash. Two files with identical content have the same hash and are stored only once.
5. Data Structures
Hash tables use hashing to map keys to array indices, enabling O(1) average-case lookups.
Hashing vs. Encryption vs. Encoding
| Hashing | Encryption | Encoding | |
|---|---|---|---|
| Reversible | ❌ | ✅ (with key) | ✅ (always) |
| Requires key | ❌ | ✅ | ❌ |
| Use for security | Integrity/passwords | Confidentiality | Data format |
| Example | SHA-256 | AES-256 | Base64 |
A common mistake is using Base64 "encoding" to hide sensitive data. Base64 is trivially reversible and provides zero security. Always use proper hashing or encryption for sensitive information.
SHA-256 vs SHA-512: Which to Choose?
SHA-256 is the safer general-purpose choice — widely supported, well-audited, and fast on 32-bit and 64-bit systems alike. SHA-512 produces a longer hash and is marginally faster on 64-bit systems (it operates on 64-bit words). For most purposes, SHA-256 is sufficient.
How to Hash Text in This Tool
- Enter your text in the input field.
- Select your desired algorithm (MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA-3).
- The hash is computed in real time in your browser using the Web Crypto API.
- Copy the output and use it in your application.
Nothing is sent to any server — all computation happens locally.
→ Try the Hash Text Tool