365tools

Hash Generator

Generate SHA-256, SHA-384, SHA-512 hashes and secure secrets for NextAuth / Auth.js. All computation is local.

Files processed in your browser — never uploaded

Hash Text

NextAuth / Auth.js Secret Generator

Generate a cryptographically random secret for NEXTAUTH_SECRET or AUTH_SECRET.

How Hash Generator Works

1

Enter your text

Type or paste any text — a password, an API key, a filename, or any string you want to hash. Use the eye icon to toggle visibility for sensitive inputs.

2

Click Generate Hashes

SHA-256, SHA-384 and SHA-512 hashes are all generated simultaneously using the browser's Web Crypto API. For a NextAuth secret, click Generate Secret instead.

3

Copy the hash

Click the copy icon next to any hash to copy it to clipboard. For the NextAuth secret, copy the value and paste it into your .env.local file.

Key Features

SHA-256, SHA-384 & SHA-512

All three SHA-2 variants are generated simultaneously so you can pick whichever your system requires without running the tool twice.

NextAuth / Auth.js secret generator

Generates a cryptographically random 32-byte URL-safe Base64 secret — equivalent to running openssl rand -base64 32 — ready to paste into NEXTAUTH_SECRET.

Web Crypto API

Uses crypto.subtle.digest() — the browser's native cryptographic API. No third-party library is involved and nothing leaves your device.

Input masking

Toggle the eye icon to hide your input. Useful when hashing passwords or secrets on a shared screen.

Instant results

SHA-2 hashing is extremely fast. Results appear immediately even for long inputs.

New secret every click

Each click of Generate Secret produces a fresh cryptographically random value using crypto.getRandomValues() — never the same secret twice.

Frequently Asked Questions

Q
What is SHA-256?
A
SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that produces a fixed 256-bit (64-character hex) output from any input. It is one-way — you cannot reverse a hash to recover the original. SHA-256 is used in TLS, code signing, Bitcoin, and many authentication systems.
Q
How do I generate a NEXTAUTH_SECRET?
A
Click 'Generate Secret' to create a cryptographically random 32-byte secret encoded as URL-safe Base64. Copy it to your .env.local as NEXTAUTH_SECRET="your-secret". Auth.js v5 uses AUTH_SECRET instead. You can also generate this with: openssl rand -base64 32
Q
Can I use SHA-256 to hash passwords?
A
You should NOT use plain SHA-256 for passwords. SHA-256 is too fast — attackers can test billions of guesses per second. For passwords use bcrypt, scrypt, or Argon2 which are intentionally slow and include salting. SHA-256 is appropriate for checksums, API key storage, and HMAC.
Q
What is the difference between SHA-256, SHA-384 and SHA-512?
A
All are part of the SHA-2 family. SHA-256 produces 64 hex chars (256 bits), SHA-384 produces 96 chars (384 bits), SHA-512 produces 128 chars (512 bits). All are considered cryptographically secure — the choice depends on your system's requirements.
Q
Is my input sent to a server?
A
No. This tool uses the browser's Web Crypto API (crypto.subtle.digest) which runs entirely in your browser tab. Your input and the resulting hashes never leave your device.

More Developer Tools

JSON Formatter

Format, minify and validate JSON instantly. Syntax-error highlighting included.

Base64 Encoder / Decoder

Encode text or files to Base64, decode Base64 back to text. URL-safe mode.

JWT Generator

Sign JWT tokens with HS256/HS384/HS512, or decode any JWT to inspect claims.