Is MD5 still safe to use?

For checksums and ETags, yes. For anything security-sensitive (passwords, signatures, certificates), no. MD5 has practical collision attacks. Use SHA-256 or stronger when collision resistance matters.

Where does the file go when I drop it in?

Nowhere. The hash is computed in the page using the browser's Web Crypto API and a small vendored MD5 library; the file never leaves your machine.

What's the difference between hex, Base64, and Base64URL?

They are three encodings of the same hash bytes. Hex is 2x the byte count and unambiguous. Base64 is 4/3 the byte count. Base64URL replaces + and / with - and _ for URL safety.

Why does my hash differ from the server-computed one?

Usually because of trailing whitespace, line endings (CRLF vs LF), or the file was modified between hashes. Hash both copies of the same bytes and compare.

What is the maximum file size?

This page caps file input at 50MB so MD5 (synchronous) does not block the main thread. SHA hashes via Web Crypto would scale higher but we cap both for consistency.

Hash generator (MD5, SHA-1, SHA-256, SHA-384, SHA-512)

Compute MD5 and the four SHA-2 hashes for text or a file. Output as hex, Base64, or Base64URL. The page runs entirely in your browser; the file you drop in never leaves your machine.

Input

Hash a file

Output

HexBase64Base64URL

What is a cryptographic hash?

A cryptographic hash function takes an arbitrary amount of input and produces a fixed-size string of bytes (the "digest") in a way that is easy to compute forward and effectively impossible to reverse. Even a one-bit change in the input flips roughly half the output bits. The same input always yields the same hash.

Hashes are not encryption. They are one-way. They have three useful properties: collision resistance (hard to find two inputs that hash to the same value), preimage resistance (hard to find an input that hashes to a given value), and second-preimage resistance (hard to find a second input that matches a known one).

When to use this tool

Verifying a download.The publisher posts a SHA-256 of the official binary; you hash your copy and compare. Two strings of 64 hex digits, either they match or they don't.
Building an idempotency / dedupe key.A SHA-256 of the request body makes a fingerprint you can use to deduplicate writes or cache responses.
ETags and cache tags.A short MD5 of a response body is a cheap ETag. Web frameworks use this pattern out of the box.
Comparing two large files.If the file is too big to diff, hash both halves and compare. Matching SHA-256 means matching bytes.

How each algorithm differs

MD5 - 128 bits (32 hex chars). Designed in 1991, broken for collisions in 2004. Still fine for non-security uses (ETags, checksums of well-known files); never use for passwords, signatures, or any setting where an attacker controls part of the input.
SHA-1 - 160 bits. Broken for collisions in 2017 (the SHAttered paper). Same advice as MD5: legacy checksums only.
SHA-256, SHA-384, SHA-512 - the SHA-2 family. No published collisions. SHA-256 is the modern default; SHA-512 is faster on 64-bit CPUs because it operates on 64-bit words. SHA-384 is SHA-512 truncated to 384 bits.
Not on this page - SHA-3 (Keccak), BLAKE2/BLAKE3, and password-specific hashes like bcrypt / argon2. Password hashes should always be done server-side with a dedicated algorithm and a per-user salt.

Worked examples

The quick brown fox jumps over the lazy dog - MD5 is 9e107d9d372bb6826bd81d3542a419d6, SHA-256 is d7a8fbb307d7809469ca9abcb0082e4f.... Standard test vector; useful for sanity-checking an implementation.
An empty string - MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-256 e3b0c44298fc1c149afbf4c8996fb924.... Same constants in every implementation; if you don't see these for empty input, the library is broken.
A 4MB image - the SHA-256 is computed by the browser's crypto.subtle.digest on the file's ArrayBuffer, no upload involved. The page stays responsive because Web Crypto is async.

Common pitfalls

Using MD5 for passwords.MD5 (and SHA-256) are fast - that's exactly why they're wrong for passwords. Use bcrypt, scrypt, or argon2 with a per-user salt and a tunable cost factor.
Comparing strings with ==.Server-side, use a constant-time compare (crypto.timingSafeEqual in Node, hmac.compare_digest in Python). Variable-time comparisons leak information about how many bytes matched.
Hashing the wrong bytes.A "checksum mismatch" is usually trailing newlines or Windows CRLF. Echo the file and the hash you computed; compare on raw bytes.
Trusting a hash without a signature.Anyone can swap a hash on a download page. A hash + signature (or a hash served over HTTPS from a different origin) is what makes it tamper-evident.
Hashing huge files synchronously.A pure-JS hash on a 1GB file freezes the page. SHA via crypto.subtle handles large input asynchronously; MD5 here is capped at 50MB to keep the main thread free.