Type text below to hash it. MD5, SHA-1, SHA-256 and SHA-512 are computed instantly in your browser (your text is never sent anywhere). bcrypt is computed on the server because it is salted and deliberately slow.
MD5
SHA-1
SHA-256
SHA-512
bcrypt
bcrypt is salted (a new hash each time) and computed on the server. It only uses the first 72 bytes of input.
Paste a JSON Web Token (JWT) to decode its header and payload. Decoding happens entirely in your browser. The signature is shown but not verified — anyone can read a JWT, so never trust its contents without verifying the signature.
About hashes & JWTs
MD5 and SHA-1 are fast but cryptographically broken — use them only for checksums, never for passwords.
SHA-256 / SHA-512 are secure general-purpose hashes for integrity and fingerprints.
bcrypt is a slow, salted password hash designed to resist brute force — the right choice for storing passwords.
A JWT is base64url-encoded, not encrypted: its contents are readable by anyone. Security comes from the signature, not secrecy.