Compute All Hashes at Once — MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, Argon2id

Enter one string and instantly compute MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, and Argon2id hashes side by side for comparison. All computation happens in your browser — nothing is sent to a server.


Tips for Comparing Hashes

  • See all 7 hash outputs for the same input at once, without switching between algorithm-specific pages.
  • MD5 and SHA-1 are fast but have weak collision resistance and are no longer recommended for password storage — use them only for lightweight tasks like file integrity checks.
  • For password storage, BCrypt or Argon2id are the current recommendations because their computational cost can be tuned with a salt.
  • Click the copy button next to any hash to quickly grab it for testing or documentation across multiple algorithms.

FAQ

No. All computation runs entirely in your browser using JavaScript/WebAssembly; neither the input string nor the resulting hashes are ever sent to or stored on a server.

Both algorithms generate a fresh random salt on each run and embed it in the output, so the same input produces a different hash each time. This is expected behavior and is essential for defending against rainbow table attacks.

Argon2id is the current top recommendation, with BCrypt a widely used alternative. MD5, SHA-1, SHA-256, SHA-512, and SHA-3 compute too quickly to be safe for password storage on their own.

They are unsuitable for security-critical uses like password storage or digital signatures. They are still used today for lightweight, non-adversarial tasks such as detecting accidental file corruption.

Use the dedicated BCrypt Hash or Argon2 Hash Calculator tools, which let you adjust the cost factor, memory size, iterations, and parallelism individually.
ツールくん

Side Note — Why Different Hash Functions Suit Different Purposes

MD5, SHA-1, SHA-256, SHA-512, and SHA-3 all belong to the same family of cryptographic hash functions, but they were designed in different eras for different needs, resulting in very different security levels today. Practical collision attacks (deliberately crafting two different inputs that produce the same hash) have been demonstrated against MD5 (1992) and SHA-1 (1995), and both are now banned for digital certificates and signatures. SHA-256, SHA-512, and SHA-3 remain considered secure and are widely used in blockchains and TLS certificates, where strong guarantees matter.

However, even a "secure" hash function like SHA-256 is unsuitable for storing passwords. These functions are deliberately designed to compute quickly, which lets an attacker try billions of password guesses per second using brute force or precomputed rainbow tables. BCrypt and Argon2, by contrast, are deliberately slow, and their cost parameters (BCrypt's round count, Argon2's memory and iteration settings) can be increased over time to keep pace with faster hardware — a fundamentally different design goal.

Argon2 won the 2015 Password Hashing Competition and is distinguished by its "memory-hardness" — the ability to require a specified amount of memory during computation. Specialized hardware such as GPUs and ASICs excels at fast parallel arithmetic but has limited memory capacity, so a memory-intensive algorithm like Argon2 resists large-scale brute-force attacks better than BCrypt, which is why OWASP recommends it as the first choice.