What Client-Side Means
Tool inputs are processed by JavaScript and WebAssembly running in your browser. HashOnline does not need to upload files or text to a server to calculate a digest.
Security Browser boundary
Security
HashOnline keeps computations in the browser, but browser-based tools still have boundaries. Use this page to decide when the site is appropriate and when local audited tooling is the better choice.
Important Limits
A web page still depends on the code delivered to your browser, your browser environment, installed extensions, device security, CDN integrity, and network trust. For production secrets, prefer pinned, audited local tools.
Weak Algorithms
MD4, MD5, and SHA-1 are included for legacy compatibility and non-security checks. Do not use them for passwords, signatures, certificates, authentication, or tamper-resistant integrity.
Password Hashing
Do not store passwords with plain SHA-256, SHA-512, MD5, or SHA-1. Use password hashing algorithms such as Argon2id, bcrypt, or scrypt with unique salts and parameters tuned for your deployment.
Recommended Use
Good fit: public test vectors, checksum comparison, local download verification, debugging encodings, and learning algorithm behavior.
Use caution: private source files, unreleased artifacts, API signing keys, salts tied to real accounts, and regulated data.
Prefer local tools: production passwords, private keys, incident-response evidence, legal discovery data, and high-assurance release signing.