SHA-256 Hash Generator — Free & Private
Generate SHA-256, SHA-384 and SHA-512 hashes from any text. Also generate secure secrets for NextAuth / Auth.js. All computation is local — nothing leaves your browser.
SHA-256 · 384 · 512
All three SHA-2 variants generated simultaneously from your input.
NextAuth Secret
Generate cryptographically random secrets for NEXTAUTH_SECRET or AUTH_SECRET.
No Upload
Web Crypto API runs in your browser. Input and hashes never leave your device.
Hash Text
NextAuth / Auth.js Secret Generator
Generate a cryptographically random secret for NEXTAUTH_SECRET or AUTH_SECRET.
What SHA-256 is used for
- File integrity verification — Compare a file's SHA-256 hash against the publisher's stated checksum to confirm it hasn't been tampered with.
- API key hashing — Store SHA-256 hashes of API keys instead of the keys themselves so a database breach doesn't expose the keys.
- HMAC generation — HMAC-SHA256 is the standard algorithm for JWT signatures and webhook verification.
- Deterministic IDs — Hash content to produce a reproducible unique identifier (content-addressable storage).
- NextAuth / Auth.js secrets — The
NEXTAUTH_SECRETenvironment variable requires a strong random secret to sign session tokens.
Frequently asked questions
What is SHA-256?
SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that produces a fixed 256-bit (32-byte) hexadecimal output from any input. It is one-way — you cannot reverse a SHA-256 hash to recover the original input. SHA-256 is used in TLS certificates, code signing, Bitcoin, and many authentication systems.
What is the difference between SHA-256, SHA-384 and SHA-512?
They are all part of the SHA-2 family. SHA-256 produces a 64-character hex output (256 bits). SHA-384 produces a 96-character output (384 bits). SHA-512 produces a 128-character output (512 bits). Larger outputs are marginally more collision-resistant but all three are considered cryptographically secure.
How do I generate a NEXTAUTH_SECRET?
Use the 'Generate Secret' button to create a cryptographically random 32-byte secret encoded as URL-safe Base64 (44 characters). Copy it to your .env.local file as NEXTAUTH_SECRET="your-secret-here". Auth.js (v5) uses AUTH_SECRET instead. You can also generate this with: openssl rand -base64 32
Is my data sent to a server when generating hashes?
No. This tool uses the browser's built-in Web Crypto API (crypto.subtle.digest) which runs entirely in your browser tab. Your input text and the resulting hashes never leave your device.
Can I use SHA-256 to hash passwords?
You should NOT use plain SHA-256 for password hashing. SHA-256 is too fast — attackers can run billions of guesses per second. For passwords, use a slow algorithm like bcrypt, scrypt, or Argon2 which are designed specifically for password hashing and include built-in salting. SHA-256 is appropriate for checksums, document integrity, and API key hashing.
What is a cryptographic hash used for?
Common uses include: verifying file integrity (checksums), storing passwords securely (with proper password-hashing algorithms), digital signatures, generating deterministic unique identifiers, message authentication codes (HMAC), and proof-of-work systems like Bitcoin mining.