Confirming a download wasn't corrupted
Many open-source projects publish SHA-256 checksums alongside downloads. Hash your downloaded file, compare to published value — if they match, file is intact and unaltered.
Generate MD5, SHA-1, SHA-256, SHA-512 hashes for any file. Verify integrity of downloads or delivered files.
What this does
Drop a file in, get all four hash values instantly. Useful for verifying downloads (does my file match the published checksum?), confirming file integrity after transfer, deduplicating large file sets, or generating evidence-tracking values for legal chain-of-custody. Runs entirely in your browser using Web Crypto API + a local MD5 implementation.
Any file type, any size up to a few GB. The page reads the file into memory and starts hashing.
MD5 first (fastest), then SHA-1, SHA-256, SHA-512 in order. For a 100 MB file, all four finish in a couple seconds on modern hardware.
Each hash has a Copy button. Paste into your downloads-verification page, your chain-of-custody log, or your deduplication script.
Many open-source projects publish SHA-256 checksums alongside downloads. Hash your downloaded file, compare to published value — if they match, file is intact and unaltered.
Legal evidence (logs, photos, documents) needs hash values recorded at each handoff to prove no tampering. SHA-256 is the most commonly required for court submissions.
Hashing 1,000 photos to find duplicates is faster than visually comparing them. Same hash = same file, regardless of name or path.
Hash file before backup, hash again after restore. Match = backup worked, file integrity preserved.
Package managers use file hashes to verify downloaded dependencies match expected versions. Useful for security audits of supply chain.
VirusTotal and other security services accept SHA-256 lookups. Hash a suspicious file, check if it's a known malware variant before opening.
MD5 (128-bit)
Best for: Quick dedup, file-id mapping. Fast. NOT for security.
Watch out: Cryptographically broken since 2004 — collisions can be engineered. Don't use for verifying authenticity.
SHA-1 (160-bit)
Best for: Git commit IDs, legacy chain-of-custody. Moderately fast.
Watch out: Also broken (collisions demonstrated 2017). Migrate to SHA-256 for new use.
SHA-256 (256-bit)
Best for: Most modern use cases — downloads verification, evidence, certificates. Safe.
Watch out: Slightly slower than MD5/SHA-1 but still very fast. Use this by default.
SHA-512 (512-bit)
Best for: Long-term archival, high-security contexts. Future-proof.
Watch out: Roughly same speed as SHA-256 on 64-bit hardware. Use when paranoid; SHA-256 is usually enough.
If you hash the same file twice and get different values, the file is being modified between hashes (e.g., a log file being written to). Hash a copy in a frozen state.
Most published checksums use hex (lowercase, 64 chars for SHA-256). Some Git/HTTP headers use base64. They represent the same hash — just different encodings.
If you're hashing text files (config, source code), Windows CRLF vs Unix LF line endings produce different hashes. Normalize line endings first or hash the binary contents.
Above ~1 GB, browser memory becomes the bottleneck. Use a CLI tool (`shasum`, `sha256sum`) for hashing huge files.
Upload multiple files, create one ZIP archive, rename it, and download instantly.
Compress real files in-browser with dedicated PDF, Docs, and Image subtools.
Generate a clean client-ready email with link, access steps, and support info.
Reduce PDF file size in-browser and download a smaller PDF quickly.
Combine multiple PDFs into a single file. Drag, reorder, merge — fully in your browser.
Split a PDF into individual pages or custom page ranges. Browser-only, no upload.
No. Hashing happens in your browser using the Web Crypto API (window.crypto.subtle). The file never leaves your device.
SHA-256 for most modern use cases (security, integrity verification). MD5 is faster but cryptographically broken — only use for non-security uses like deduplication. SHA-1 is also broken; use SHA-256 or SHA-512 instead.
Limited by browser memory. Most browsers handle 1-2GB files comfortably for hashing (it's a streaming operation, not loading the whole file into memory).
Modern browsers with Web Crypto API are typically 60-80% of native command-line speed (e.g., `sha256sum`). For a 1GB file: ~5-10 seconds in browser, ~3-5 seconds command line.
Yes. Many software downloads publish their SHA-256 hash. Hash your downloaded file with this tool and compare to the published hash — they should match exactly.
The files differ — even by one byte. For downloads, that means corruption or tampering: re-download and re-check before trusting the file.
For accidental-corruption checks, yes. For security (proving nobody tampered with a file), use SHA-256 — MD5 collisions can be manufactured deliberately.
Windows: `certutil -hashfile file.zip SHA256`. macOS/Linux: `shasum -a 256 file.zip`. This tool does the same thing without a terminal — drag, drop, compare.
Start a 7-day free trial — card required. Add your domain when the next project ships.
Free plan · Cancel anytime · No vendor lock-in