You need a hash. You open your terminal. You type... what exactly?
I've seen projects use MD5 for password hashing (please don't), SHA-1 for file integrity (it's getting risky), and SHA-256 for things that really needed bcrypt. The hash algorithm landscape is confusing because there are too many options and each has a specific job.
For passwords: use bcrypt (or Argon2). Not SHA-256, not MD5. Passwords need slow hashing with a salt. bcrypt's cost factor makes brute-forcing expensive. SHA-256 is too fast -- an attacker can try billions of combinations per second with consumer hardware. Our bcrypt generator tool lets you test this: hash a password with cost factor 10, then try SHA-256 on the same input, and compare execution time.
For file integrity: SHA-256. It's the current standard. Git uses SHA-1 internally but that's a specific use case. For download verification, checksums, and data deduplication, SHA-256 is fast enough and collision-resistant for practical purposes.
For HMACs: use SHA-256 as the underlying hash. HMAC-SHA256 is the industry standard for API request signing, JWT verification, and message authentication codes.
For non-security checksums: MD5 is fine for checksumming large datasets where collisions are not a security concern. Just don't use it when security matters.
Our hash generator supports all the major algorithms so you can compare outputs side by side and see the difference.