What Is a Hash? SHA-256, MD5, and Why Checksums Still Matter

You download a Linux ISO or a software package, and the website shows a long string of letters and numbers labeled "SHA-256". That's a hash — a digital fingerprint of the file. If even one bit of the file changes, the hash changes completely.

A hash generator creates these fingerprints from any text. You can use it to verify file integrity, compare two pieces of data without seeing the actual data, or generate cache keys.

SHA vs MD5: which one to use

SHA-256 is the current standard. It produces a 64-character hex string and has no known practical collisions (two different inputs producing the same hash). Use this for anything security-related.

MD5 is faster but broken for security. Don't use it for passwords or anything where someone might try to fake a match. It's still fine for non-security uses like cache invalidation, checksums for data integrity (not authentication), and deduplication.

Our free hash generator supports SHA-1, SHA-256, SHA-384, SHA-512, and MD5. You can hash any text and compare two hashes side by side to see if they match. We also have a dedicated MD5 generator if that's all you need.

Real-world hash uses

Password storage: websites don't store your actual password. They store a hash of it. When you log in, they hash what you typed and compare. If the hashes match, you're in. This is why "forgot password" exists instead of "show me my password" — they can't reverse the hash to get the original.

Git uses SHA-1 hashes for every commit. The commit ID you see is just a hash of the commit's contents and metadata. This is why changing a commit message changes the hash — and why rebasing creates new commits.