Compute All Hashes at Once — MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, Argon2id
Enter one string and instantly compute MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, and Argon2id hashes side by side for comparison. All computation happens in your browser — nothing is sent to a server.
Tips for Comparing Hashes
- See all 7 hash outputs for the same input at once, without switching between algorithm-specific pages.
- MD5 and SHA-1 are fast but have weak collision resistance and are no longer recommended for password storage — use them only for lightweight tasks like file integrity checks.
- For password storage, BCrypt or Argon2id are the current recommendations because their computational cost can be tuned with a salt.
- Click the copy button next to any hash to quickly grab it for testing or documentation across multiple algorithms.
FAQ
Side Note — Why Different Hash Functions Suit Different Purposes
MD5, SHA-1, SHA-256, SHA-512, and SHA-3 all belong to the same family of cryptographic hash functions, but they were designed in different eras for different needs, resulting in very different security levels today. Practical collision attacks (deliberately crafting two different inputs that produce the same hash) have been demonstrated against MD5 (1992) and SHA-1 (1995), and both are now banned for digital certificates and signatures. SHA-256, SHA-512, and SHA-3 remain considered secure and are widely used in blockchains and TLS certificates, where strong guarantees matter.
However, even a "secure" hash function like SHA-256 is unsuitable for storing passwords. These functions are deliberately designed to compute quickly, which lets an attacker try billions of password guesses per second using brute force or precomputed rainbow tables. BCrypt and Argon2, by contrast, are deliberately slow, and their cost parameters (BCrypt's round count, Argon2's memory and iteration settings) can be increased over time to keep pace with faster hardware — a fundamentally different design goal.
Argon2 won the 2015 Password Hashing Competition and is distinguished by its "memory-hardness" — the ability to require a specified amount of memory during computation. Specialized hardware such as GPUs and ASICs excels at fast parallel arithmetic but has limited memory capacity, so a memory-intensive algorithm like Argon2 resists large-scale brute-force attacks better than BCrypt, which is why OWASP recommends it as the first choice.