A hash function takes an input of any size and produces a fixed-length output (the digest) that looks like random bytes. The same input always produces the same hash. Change even one character and the output is completely different — this property is called the avalanche effect.
Hash functions are one-way: given a digest, there's no feasible way to recover the original input. This makes them a fundamental building block in cryptography, security, and software engineering.
MD5 and SHA-1 are cryptographically broken — researchers have demonstrated real collision attacks. SHA-1 was officially deprecated by NIST in 2011. Don't use either for security purposes (certificates, signatures, password hashing). For integrity and signatures, use SHA-256 or SHA-512. For passwords, use a dedicated KDF like bcrypt, Argon2, or scrypt — plain SHA is designed to be fast, which is exactly what makes GPU-based password guessing against it cheap.
| Algorithm | Output size | Status | Use for |
|---|---|---|---|
| SHA-1 | 160 bit | Broken | Legacy systems only |
| SHA-256 | 256 bit | Secure | Checksums, signatures, general use |
| SHA-384 | 384 bit | Secure | TLS certificates, higher assurance |
| SHA-512 | 512 bit | Secure | Long-term security, archive integrity |
All hashing runs in your browser via the Web Crypto API — your input is never sent anywhere.
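The following added example (not this page's own code) computes digests with the Web Crypto API for the four algorithms in the table and measures the avalanche effect as the number of output bits that change when one input character changes. The function names and the sample strings `hello` / `hellp` are constructed for illustration.

```javascript
// Added example (not this page's code): Web Crypto digests for the table's algorithms.
// Browsers and current Node expose globalThis.crypto; older Node falls back to node:crypto.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Output sizes in bits, copied from the table on this page.
const DIGEST_BITS = { "SHA-1": 160, "SHA-256": 256, "SHA-384": 384, "SHA-512": 512 };

async function digestBytes(algorithm, text) {
  // Web Crypto's digest() has no MD5; reject anything outside the table up front.
  if (!Object.hasOwn(DIGEST_BITS, algorithm)) {
    throw new RangeError(`unsupported algorithm: ${algorithm}`);
  }
  const data = new TextEncoder().encode(text); // hash the UTF-8 bytes of the string
  return new Uint8Array(await webCrypto.subtle.digest(algorithm, data));
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

async function digestHex(algorithm, text) {
  return toHex(await digestBytes(algorithm, text));
}

// Number of bit positions in which two equal-length digests differ.
function bitDifference(a, b) {
  if (a.length !== b.length) throw new RangeError("digests differ in length");
  let bits = 0;
  for (let i = 0; i < a.length; i++) {
    for (let x = a[i] ^ b[i]; x !== 0; x >>= 1) bits += x & 1;
  }
  return bits;
}

async function avalanche(algorithm, textA, textB) {
  const [a, b] = await Promise.all([digestBytes(algorithm, textA), digestBytes(algorithm, textB)]);
  return { changedBits: bitDifference(a, b), totalBits: a.length * 8 };
}

// Constructed sample inputs that differ in one character.
async function demo() {
  for (const algorithm of Object.keys(DIGEST_BITS)) {
    const { changedBits, totalBits } = await avalanche(algorithm, "hello", "hellp");
    console.log(`${algorithm}: ${changedBits} of ${totalBits} bits changed`);
  }
}
demo();
```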