Hash Generator & Verifier
MD5, SHA-256 & More

A hash function is a mathematical algorithm that converts input data of any size into a fixed-size output (the hash). Key properties include: deterministic (same input always produces same output), one-way (cannot reverse to get original input), and collision-resistant (hard to find two inputs with the same hash).

No, cryptographic hash functions are designed to be one-way. You cannot mathematically reverse a hash to get the original input. However, for short or common inputs, attackers can use rainbow tables (precomputed hash databases) or brute force attacks. This is why passwords should use specialized algorithms like bcrypt or Argon2 with salts, not plain hash functions.

These are different hash algorithms with varying output sizes and security levels. MD5 produces 128-bit hashes but has known vulnerabilities. SHA-1 produces 160-bit hashes and is deprecated due to collision attacks. SHA-256 (256-bit), SHA-384 (384-bit), and SHA-512 (512-bit) are part of the SHA-2 family and are currently considered secure for most applications.

MD5 is cryptographically broken and should not be used for security purposes. Researchers have demonstrated practical collision attacks where different inputs produce the same MD5 hash. However, MD5 is still acceptable for non-security uses like checksums for detecting accidental data corruption or as cache keys.

Don't use simple hash functions like SHA-256 for passwords. Instead, use password-specific algorithms like bcrypt, Argon2, scrypt, or PBKDF2. These are designed to be slow and memory-intensive, making brute force attacks impractical. Always add a unique salt per password and use appropriate iteration counts.

SHA-256 is widely used for: SSL/TLS certificates, Bitcoin and cryptocurrency mining, digital signatures, file integrity verification, password hashing (with proper salting), Git commit IDs, and software package verification. It's part of the SHA-2 family and is considered secure for current applications.

MD5 is cryptographically broken due to collision vulnerabilities discovered in 2004-2008. Attackers can create different files with the same MD5 hash (collision attack). While still useful for checksums and non-security purposes, never use MD5 for password hashing, digital signatures, or any security-critical application.

A hash collision occurs when two different inputs produce the same hash output. For secure algorithms like SHA-256, random collisions are astronomically unlikely - you'd need to hash 2^128 inputs to have a 50% chance. However, MD5 and SHA-1 have known collision attacks that make finding collisions practical.

No, they serve different purposes. Hashing is a one-way function that creates a fixed-size fingerprint of data and cannot be reversed. Encryption is a two-way process that scrambles data with a key and can be decrypted back to the original. Use hashing for data integrity and password storage, encryption for confidentiality.

Both algorithms have known collision vulnerabilities that allow attackers to create different files with identical hashes. MD5 was broken in 2004, and SHA-1 was practically broken in 2017 with the SHAttered attack. Modern applications requiring cryptographic security should use SHA-256 or stronger algorithms from the SHA-2 or SHA-3 families.

Rainbow tables are precomputed databases of hash values for common passwords and phrases. Attackers use them to quickly reverse-lookup hashes without computing them on-the-fly. This is why salting passwords is critical - adding a unique random value to each password before hashing makes rainbow tables ineffective.

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to verify both data integrity AND authenticity. Use HMAC when you need to ensure a message hasn't been tampered with and came from a trusted source. Common uses include API authentication, session tokens, and secure cookie verification.

Hashing is the process of converting a password into a fixed-size string. Salting adds a unique random value to each password before hashing. Without salts, identical passwords produce identical hashes, making them vulnerable to rainbow table attacks. Proper password storage requires both salting and using a password-specific algorithm like bcrypt.

Both are ways to represent binary hash data as text. Hex uses 16 characters (0-9, a-f), resulting in 2 characters per byte. Base64 uses 64 characters (A-Z, a-z, 0-9, +, /), resulting in about 1.33 characters per byte. Base64 is more compact but less human-readable. Hex is more common for hashes, while Base64 is often used for encoding binary data in JSON or URLs.

On Linux/Mac use commands like sha256sum, md5sum, or shasum. On Windows, use certutil -hashfile filename SHA256 or Get-FileHash in PowerShell. For example: sha256sum file.zip produces a SHA-256 hash. These tools are useful for verifying downloaded files against published checksums.