Forem

Cover image for I got tired of pasting sensitive strings into random websites, so I built a browser-based hash generator
Andrew Rozumny
Andrew Rozumny

Posted on

I got tired of pasting sensitive strings into random websites, so I built a browser-based hash generator

#webdev #javascript #tools #security

I work on a few different projects and I hash things constantly —
checking file integrity, debugging password logic, verifying API payloads. For a long time I just googled "md5 generator" or "sha256 online" and used whatever came up first.

Then one day I actually looked at one of those tools in DevTools. The input was being sent to a server on every keystroke. For MD5 it probably doesn't matter. But I sometimes paste things that are closer to sensitive — partial tokens, config values, test passwords.
That felt dumb.

So I built my own.

How it works

The SHA family (SHA-1, SHA-256, SHA-512) is natively supported
in the browser via the Web Crypto API:

async function sha256(message) {
  const msgBuffer = new TextEncoder().encode(message);
  const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
  const hashArray = Array.from(new Uint8Array(hashBuffer));
  return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}
Enter fullscreen mode Exit fullscreen mode

No libraries, no server calls. Just built-in browser APIs.

MD5 isn't part of Web Crypto (it's considered cryptographically broken, so intentionally excluded), so I inlined a pure-JS implementation — no npm package, no external requests.

What I actually use it for

File checksums — when I download something and the provider
lists a SHA-256 hash, I drop the file in and verify it matches. Takes 2 seconds.

Debugging auth logic — when something in a login flow isn't working and I want to check what hash my backend is actually generating vs what I expect.

Comparing API responses — quick way to check if two payloads are identical without reading them character by character.

It's part of a bigger thing

I've been building ToolDock — a set of browser-based dev tools I keep open in a pinned tab. JWT decoder, JSON formatter, Base64, regex tester, UUID generator and now hash generator.

Everything runs locally. No sign-up, no tracking, no server round-trips. I built it because I wanted tools I could actually trust with real data.

The hash generator is at tooldock.org/tools/hash-generator if it's useful to you. Feedback welcome — especially if there's an algorithm you need that's missing.

What do you use for quick hashing during development?

Top comments (0)