How do I generate an MD5 or SHA-256 hash?

Paste your text or drop a file into a hash generator, pick the algorithm, and copy the resulting hex digest. QuickWand's Hash Generator supports SHA-1, SHA-256, SHA-512 and more, computed entirely in your browser so nothing is uploaded.

Does the Web Crypto API support MD5?

No. The browser's Web Crypto API (crypto.subtle.digest) intentionally supports only SHA-1, SHA-256, SHA-384, and SHA-512 — not MD5, because MD5 is considered insecure. Tools that offer MD5 in the browser implement it in JavaScript separately.

Should I use MD5 or SHA-256?

Use SHA-256 for anything security-related. MD5 and SHA-1 are cryptographically broken (practical collisions exist), so they should only be used for non-security tasks like a quick checksum against accidental corruption or a cache key. For integrity verification that matters, SHA-256 is the right default.

Can I reverse a hash back to the original text?

No. Hashing is one-way by design — there is no 'unhash'. The only way to find what produced a hash is to guess inputs and hash them until one matches, which is why fast hashes like MD5 are unsafe for passwords. To store data reversibly, use encoding or encryption instead.

June 15, 2026

How to Generate an MD5 or SHA-256 Hash Online

Maybe you need a checksum to publish next to a download, a cache key derived from some text, or a quick fingerprint to compare two files. All of those call for a hash— a fixed-length string computed from your input. Here is how to generate one, and how to pick the right algorithm.

How to generate a hash

QuickWand's free Hash Generator computes everything locally in your browser, so the text or file you hash — even a secret — is never uploaded.

Open the Hash Generator.
Paste your text, or drop in a file you want to fingerprint.
Choose the algorithm — SHA-256 is the sensible default, with SHA-1 and SHA-512 also available.
Copy the resulting hex digest. The same input always produces the same hash, so you can re-run it any time to compare.

A note on MD5 in the browser

Here is a technically important detail: the browser's built-in Web Crypto API (crypto.subtle.digest) does not implement MD5 at all. It supports only SHA-1, SHA-256, SHA-384, and SHA-512 — MD5 was deliberately left out because it is considered insecure. Any browser tool offering MD5 implements it in JavaScript separately. That omission is itself a strong hint about which algorithm to trust.

MD5 vs SHA-1 vs SHA-256: which to use

SHA-256— The default for anything that matters. No practical collisions are known, it is fast enough for general use, and it is what most modern checksums and signatures rely on.
SHA-1 — Broken. Researchers have produced real-world collisions. Avoid it for new work; you will only meet it in legacy systems.
MD5 — Badly broken. Collisions are trivial to generate. It is acceptable only for non-security tasks like detecting accidental file corruption or building a cache key, never for integrity or authentication.

The short version: reach for SHA-256 unless you have a specific, non-security reason not to.

What hashing is — and is not

A cryptographic hash is one-way: there is no “unhash” function. The only way to discover what produced a given hash is to guess inputs and hash them until one matches. That property is exactly why hashing fast algorithms like MD5 over raw passwords is dangerous — an attacker can try billions of guesses per second (real password storage uses slow, salted functions like bcrypt or Argon2 instead).

Keep the three jobs distinct:

Hashing — one-way fingerprint, for verifying integrity and comparison.
Encoding — reversible representation, like Base64, for transport. Anyone can decode it.
Encryption — reversible only with a secret key, for confidentiality.

Generate the hash, pick SHA-256, and remember it is a fingerprint — not a lockbox and not a decoder ring.

How to generate a hash

A note on MD5 in the browser

MD5 vs SHA-1 vs SHA-256: which to use

What hashing is — and is not

Frequently asked questions

Hash Generator