Can a SHA-256 hash be reversed?

Not directly. SHA-256 is a one-way function. Common passwords may be found via rainbow tables, but strong random inputs are practically irreversible.

What is the difference between hashing and encryption?

Hashing is one-way and irreversible. Encryption is two-way — data can be decrypted with the right key. Use hashing to verify data, encryption to protect data.

Hash Generator

Generate SHA-256, SHA-512, SHA-1, and SHA-384 cryptographic hashes from any text.

🔒 All hashing happens locally in your browser — your text is never sent to any server.

Input Text

Uppercase output

SHA-256 (64 chars)

—

SHA-512 (128 chars)

—

SHA-1 (40 chars)

—

SHA-384 (96 chars)

—

Hash Comparison (verify two hashes match)

Hash A

Hash B

What Is a Hash Function?

A cryptographic hash function takes any input (text, file, data) and produces a fixed-length string called a hash or digest. The same input always produces the same output, but even a single character change completely changes the hash. Hash functions are one-way: you cannot reverse a hash back to the original input.

SHA Hash Algorithms Compared

Algorithm	Output Length	Security	Common Uses
SHA-1	160 bits (40 hex)	⚠️ Deprecated	Legacy systems, Git commit IDs
SHA-256	256 bits (64 hex)	✅ Secure	Bitcoin, SSL/TLS, code signing
SHA-384	384 bits (96 hex)	✅ Secure	TLS certificates, secure APIs
SHA-512	512 bits (128 hex)	✅ Very Secure	Password hashing, file integrity

Common Uses of Hashing

File integrity verification: Hash a file before and after transfer — if hashes match, the file was not corrupted or tampered with.
Password storage: Servers store a hash of your password, not the password itself. When you log in, your input is hashed and compared.
Digital signatures: A document is hashed, and the hash is signed with a private key to prove authenticity.
Blockchain: Bitcoin uses SHA-256 for proof-of-work mining and block linking.
Checksums: Software downloads include a SHA-256 checksum to verify the file is complete and unmodified.

Why Is SHA-1 Deprecated?

SHA-1 was broken in practice in 2017 when Google's Project Zero demonstrated the first SHA-1 collision — two different files producing the same SHA-1 hash. This means an attacker could substitute a malicious file for a legitimate one while keeping the same hash. SHA-256 and above remain secure as of 2026.

Frequently Asked Questions

Not directly — SHA-256 is a one-way function. However, common passwords can be found using rainbow tables (precomputed hash databases). That's why passwords should be hashed with a salt (random data added before hashing). Strong, unique hashes of long random inputs are practically irreversible.

Hashing is one-way (irreversible) and always produces the same-length output. Encryption is two-way — data can be decrypted back to the original with the right key. Use hashing when you need to verify data without storing it; use encryption when you need to recover the original.

This is called the avalanche effect, intentionally built into SHA algorithms. Changing even one bit of input causes roughly half of all output bits to flip. It ensures that similar inputs cannot be used to deduce each other's hashes.