Hash and password tools

Hash functions take any input and produce a fixed-length output (the hash) such that small input changes produce wildly different hashes — useful for verifying file integrity, fingerprinting content for caching, and (in the case of password hashes) storing credentials irreversibly. The tools here cover the most-used functions, with explicit notes on which are appropriate for which use case.

The SHA-256 generator uses the browser's native SubtleCrypto API for the SHA-2 family (SHA-1, SHA-256, SHA-384, SHA-512). Output is hex-encoded by default with a base64 toggle. SHA-256 is the standard choice for general-purpose hashing — cryptographically secure, fast, widely supported. The MD5 generator uses a small JavaScript implementation (SubtleCrypto doesn't expose MD5). MD5 is cryptographically broken for security purposes but still widely used for non-security fingerprinting (file checksums, cache keys, tarball verification when speed matters more than collision resistance).

The bcrypt playground generates and verifies bcrypt hashes — the purpose-built password hash with configurable cost factor (work factor) that lets you tune compute cost as hardware speeds up. Generate a hash from a password and a cost, then verify the password against the hash. Use this for understanding bcrypt; never hash production passwords client-side (the cost defeats the purpose if the work happens on the user's device). For real password storage, use a server-side bcrypt or argon2 library with appropriate cost.