Hash & Encoding Tools

Base64 is a binary-to-text encoding scheme that converts arbitrary data into a string of ASCII characters. It uses a 64-character alphabet (A–Z, a–z, 0–9, +, /) plus = for padding. Every three bytes of input become four Base64 characters, making the encoded output roughly 33% larger than the original.

Base64 is used extensively across the web. Email attachments are Base64-encoded (MIME), data URIs embed images directly in HTML and CSS, HTTP Basic authentication encodes credentials as username:password in Base64, and many APIs accept binary payloads as Base64 strings in JSON. JWT tokens (which you can decode with our JWT Decoder) use a URL-safe variant called Base64url that replaces + with - and / with _.

SHA-256 (Secure Hash Algorithm 256-bit) is part of the SHA-2 family designed by the NSA and published by NIST in 2001. It takes any input — from a single character to an entire file — and produces a fixed 256-bit (32-byte) hash, typically displayed as a 64-character hexadecimal string. Even a single-bit change in the input produces a completely different hash (the avalanche effect).

SHA-256 is used for file integrity verification (checksums), digital signatures, SSL/TLS certificates, Git commit identifiers, blockchain proof-of-work, and password hashing (when combined with a salt via algorithms like bcrypt or PBKDF2). It's a one-way function — you cannot reverse a SHA-256 hash to recover the original input.

MD5 (Message Digest Algorithm 5) produces a 128-bit (16-byte) hash, displayed as a 32-character hexadecimal string. Designed by Ronald Rivest in 1991, MD5 was widely used for file integrity checks and password hashing for over a decade. However, collision vulnerabilities were discovered in 2004, and practical collision attacks followed in 2008.

Despite its weaknesses, MD5 remains useful for non-security purposes. It's fast and widely supported, making it practical for checksum verification (confirming a file downloaded correctly), cache key generation, deduplication, and data partitioning. Many Linux distributions still provide MD5 checksums alongside SHA-256 for file downloads.