MD5 is no longer considered safe for cryptography (collisions have been found). Use SHA-256 or SHA-512 for security. MD5 remains useful for non-cryptographic checksums.

No, this tool only accepts text. To hash a file, use sha256sum (Linux/Mac) or certutil (Windows).

What is SHA-256 used for in DNS?

SHA-256 is used in DANE/TLSA records for certificate matching, in DKIM signatures, and in DNSSEC to verify the integrity of DNS responses.

Hash Generator online - Free MD5 SHA-256 SHA-512 tool

Why compute a hash online?

A cryptographic hash transforms text of arbitrary length into a fixed-size fingerprint. It is a fundamental tool for verifying data integrity, comparing content and generating fingerprints.

Three main use cases:

Verify integrity - Compare the hash of received text with the expected hash to detect any modification
Generate a fingerprint - Create a unique identifier from content (cache key, deduplication)
Debug protocols - Verify SHA-256 hashes used in DKIM, DANE/TLSA or TLS certificates

How to use the hash generator in 3 steps

Step 1: Enter your text

Paste or type the text you want to hash:

v=spf1 include:_spf.captaindns.com ~all

Step 2: Compute hashes

Click "Compute hashes" or use the shortcut ⌘+⏎ (Mac) / Ctrl+⏎ (Windows). All 4 algorithms run simultaneously.

Step 3: Copy the results

Each hash is displayed with its algorithm label and an individual copy button. Copy only the digest you need.

What is a cryptographic hash?

A hash function transforms an input of arbitrary size into a fixed-size digest. Fundamental properties:

Deterministic: the same input always produces the same hash
Fast: computation is nearly instantaneous
Collision-resistant: it is extremely difficult to find two inputs with the same hash
Avalanche effect: changing a single character radically changes the hash

SHA-256 example:

Input	SHA-256 hash (start)
`hello`	`2cf24dba5fb0a30e...`
`Hello`	`185f8db32271fe25...`
`hello` (space)	`6b1e2a5c5d21af0e...`

A single character change completely alters the digest.

Supported algorithms

Algorithm	Digest size	Security	Typical use
MD5	128 bits (32 hex)	Broken (known collisions)	Legacy, non-crypto checksums
SHA-1	160 bits (40 hex)	Deprecated (collisions found)	Legacy, Git commits
SHA-256	256 bits (64 hex)	Secure	DKIM, DANE/TLSA, TLS certificates
SHA-512	512 bits (128 hex)	Secure	Signatures, DANE/TLSA

Recommendation: use SHA-256 for everyday use. SHA-512 if you need extra security margin.

Real-world use cases

Verify DNS record integrity

Situation: You modify an SPF record and want to verify it was not altered during propagation.

Action: Compute the SHA-256 hash of your record before and after propagation. If the hashes match, the content is identical.

Generate a cache fingerprint

Situation: Your application uses content-based cache keys.

Action: Compute the MD5 or SHA-256 hash of the content to generate a unique key. Two identical contents always produce the same key.

Debug a DANE/TLSA record

Situation: Your TLSA record contains a SHA-256 hash of the certificate.

Action: Compare the hash in the record with the one computed from your certificate to detect a mismatch.

Verify a hash from the command line

To compare this tool's results with your system:

# SHA-256
echo -n "hello world" | sha256sum

# MD5
echo -n "hello world" | md5sum

# SHA-1
echo -n "hello world" | sha1sum

# SHA-512
echo -n "hello world" | sha512sum

The -n flag is essential: it prevents echo from adding a newline that would change the hash.

❓ FAQ - Frequently asked questions

Q: What is a cryptographic hash?

A: A hash is a fixed-size fingerprint computed from text. It is deterministic (same input = same output), fast and collision-resistant. It is used to verify data integrity without revealing the original content.

Q: Is MD5 still safe?

A: No, MD5 is no longer considered safe for cryptography. Collisions were found as early as 2004. Use SHA-256 or SHA-512 for anything requiring cryptographic security. MD5 remains acceptable for non-critical checksums.

Q: What is the difference between SHA-256 and SHA-512?

A: SHA-256 produces a 256-bit digest (64 hex characters), SHA-512 a 512-bit digest (128 hex characters). Both are secure. SHA-512 is marginally faster on 64-bit processors but produces a longer digest.

Q: Are hashes reversible?

A: No. A hash is a one-way function. It is mathematically impossible to recover the original text from the hash. This is what makes hashes useful for integrity verification and password storage.

Q: What is the avalanche effect?

A: The avalanche effect means that a tiny change in the input (a single bit) radically changes the hash. This fundamental property guarantees that you cannot predict the hash of a similar text.

Q: Is the hash of an empty string valid?

A: Yes. The SHA-256 of an empty string is e3b0c44298fc1c149afbf4c8996fb924.... Each algorithm has its own hash for the empty input.

Complementary tools

Tool	Use
Password Generator	Generate a password then compute its hash
Base64 Encoder	Encode/decode text as Base64
Case Converter	Normalize text case before hashing
DKIM Inspector	Verify DKIM signatures (uses SHA-256)
DNS Lookup	Query DNS records for a domain

Useful resources

RFC 1321 - MD5 (MD5 algorithm specification)
RFC 3174 - SHA-1 (SHA-1 specification)
RFC 6234 - SHA-256, SHA-512 (SHA-2 algorithm specifications)

Privacy commitment

Your text is sent to the CaptainDNS API solely to compute the hashes. No content is stored. Only anonymous technical metrics are logged (character count, processing time).

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 in one click

4 algorithms at once

Per-algorithm copy

Lowercase hexadecimal

100% free

Native UTF-8