What is the difference between MD5 and SHA-256?

MD5 produces a 128-bit hash and is fast but cryptographically broken — it's vulnerable to collision attacks and should not be used for passwords or security. SHA-256 produces a 256-bit hash and is currently considered secure for data integrity, digital signatures, and certificates.

Which hash algorithm should I use for passwords?

Always use bcrypt or Argon2id for storing passwords. They are intentionally slow and include a random salt, making brute-force attacks impractical. In PHP/Laravel, use Hash::make() which defaults to bcrypt. Never use MD5, SHA-1, or plain SHA-256 for passwords.

Can MD5 hashes be decrypted or reversed?

MD5 is a one-way function and cannot be mathematically reversed. However, simple or common passwords can be found in rainbow tables — precomputed databases of hash→password pairs. This is why salted hashing (bcrypt, Argon2) was invented.

Is this hash generator safe to use?

Yes. All hashing is performed entirely in your browser using the Web Crypto API and CryptoJS. No passwords or data are ever sent to our servers.

What is HMAC used for?

HMAC (Hash-based Message Authentication Code) uses a secret key combined with a hash function to verify both the integrity and authenticity of data. It is widely used in API request signing, JWT tokens, and webhook verification.

Password Security Toolkit

Password Encrypt & Decrypt

Hash passwords with MD5, SHA-256, bcrypt, Argon2 and more. Verify hashes and look up common passwords instantly.

Hash / Encrypt Password

Select algorithm, enter your password, and get the hash instantly

Password to Hash

Enter a password

Legacy / Fast (not for new passwords)

MD5

128-bit

SHA-1

160-bit

CRC32

checksum

SHA-2 Family (data integrity)

SHA-224

224-bit

SHA-256

256-bit ★

SHA-384

384-bit

SHA-512

512-bit

SHA-3 Family (latest standard)

SHA3-224

224-bit

SHA3-256

256-bit

SHA3-384

384-bit

SHA3-512

512-bit

Password Hashing (recommended for storing passwords)

bcrypt

salted ★★

Argon2id

memory-hard

Decrypt / Reverse Lookup

Look up MD5 / SHA-1 hashes in public rainbow table databases

Important: Cryptographic hashes are one-way functions — they cannot be mathematically reversed. This tool searches public rainbow table databases for MD5 and SHA-1 hashes of common/simple passwords. SHA-256, bcrypt, and Argon2 cannot be cracked this way.

Hash to Look Up

Hash Type

MD5

32 chars

SHA-1

40 chars

SHA-256

not crackable

Verify Hash

Check if a password matches a known hash

Password (plain text)

Known Hash

Algorithm

Match! The password matches the hash.

No match. Password does not match this hash.

bcrypt note: bcrypt hashes include a random salt, so the same password generates a different hash each time. Verification always works because bcrypt stores the salt in the hash itself.

Laravel tip: Hash::check('password', $hash) uses this same logic internally to verify bcrypt and Argon2 passwords.

HMAC — Keyed Hash

Generate a message authentication code using a secret key

HMAC (Hash-based Message Authentication Code) uses a secret key to produce a hash. It verifies both data integrity and authenticity — used in API signatures, JWT, and webhooks.

Message / Password

Secret Key

HMAC-256

recommended

HMAC-384

384-bit

HMAC-512

512-bit

HMAC-SHA1

legacy