Generate cryptographic hashes with streaming. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.
Use Cases
Generate SHA-256 checksums for file download verification pages.
Hash API request bodies to detect tampering before processing.
Create content-addressable identifiers for caching or deduplication.
Generate HMAC inputs from combined fields for request signing.
Tips
Use SHA-256 or SHA-3-256 for general-purpose hashing in 2024 — MD5 and SHA-1 are cryptographically broken for collision resistance.
Hash the same file with multiple algorithms simultaneously to generate a multi-algorithm checksum file for distribution.
Streaming mode handles files larger than available memory by processing chunks — necessary for hashing multi-GB files.
Fun Facts
MD5 was designed by Ron Rivest in 1991. By 2005 researchers demonstrated full MD5 collision attacks — two different inputs producing the same hash — making it unsuitable for security.
SHA-256 produces a 256-bit output from inputs of any length. The probability of two random inputs colliding is 1 in 2^256 — approximately 10^77, more than the number of atoms in the observable universe.
Git uses SHA-1 to identify commits and objects. In 2017, Google's SHAttered attack produced the first practical SHA-1 collision. Git migrated to SHA-256 object storage (available since Git 2.29 in 2020).
FAQ
Which algorithm should I use?
SHA-256 for general use, SHA-3-256 if you need NIST's post-quantum resistant design, BLAKE3 for speed-sensitive applications. Avoid MD5 and SHA-1 for any security purpose.
What's streaming mode?
Instead of loading the entire input into memory, streaming processes data in chunks. Required for large files (>500MB) that would otherwise exhaust browser memory.
Is the hash computed client-side?
Yes — all hashing runs in your browser using the Web Crypto API. File contents and text input are never sent to any server.
