Free hash generator
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes, sign a message with HMAC, or hash a password with bcrypt. The text you enter is hashed on your device and never sent to a server. You never sign in, and the page keeps nothing.
Copied to clipboard
How the hash generator works
Runs entirely in your browser
Choose an algorithm
Pick a plain hash such as SHA-256, an HMAC signed with a secret key, or bcrypt when you are storing a password.
Enter your text
SHA and HMAC digests are computed by your browser's built-in cryptography as you type. Nothing you enter is sent anywhere.
Copy the result
Copy the hex digest, or check a password against an existing bcrypt hash with the verify box.
Private by design: nothing leaves your browser
Most online hash generators post your text to a server. That is harmless for the word "hello" and careless for an API secret or a password, and you cannot tell from the outside which one you are using. This one computes everything locally:
100% client-side
SHA and HMAC digests come from your browser's built-in cryptography. MD5 and bcrypt need a small library, downloaded once when you first select them, and nothing you type is part of that request.
Nothing stored or logged
No account, no analytics on what you hash, no history. Reload the page and the text is gone from memory.
Open and verifiable
The digests match the published test vectors for each algorithm, so you can check this tool against any other implementation and get the same answer.
Which algorithm to use
- SHA-256 is the default for signatures, integrity checks, and content addressing.
- HMAC-SHA-256 is for proving a message came from someone holding a shared secret, such as a webhook signature.
- bcrypt is for storing passwords, because it is deliberately slow and salts every hash. Never store a password as a plain SHA-256 digest.
- MD5 and SHA-1 are broken for collision resistance and belong only in checksums or legacy systems you cannot change.
Built for developers and security-conscious teams
Developers who want a digest they can trust, computed somewhere they control. BlockSurvey takes the same position on research data with zero-knowledge surveys, where responses are encrypted before they ever reach a server.
Developers
Check a file checksum, reproduce a webhook signature, or generate a bcrypt hash for a seed user without pasting the secret into someone's server.
Security & IT teams
Confirm an integrity hash during an incident, and demonstrate to a colleague why a SHA-256 password hash is not enough.
Students & educators
Watch the avalanche effect as one character changes the whole digest, and compare bcrypt's salted output across runs.
Building something that handles sensitive data?
BlockSurvey runs on zero-knowledge surveys, so the responses you collect are never sold or mined. Responses are encrypted on the respondent's device, so the server stores nothing readable.