All tools

File Hash Generator (MD5, SHA-256)

Generate MD5, SHA-1, SHA-256, SHA-512 hashes for any file. Verify integrity of downloads or delivered files.

  • 100% local
  • No signup
  • Works offline once loaded

What this does

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for any file — all locally.

Drop a file in, get all four hash values instantly. Useful for verifying downloads (does my file match the published checksum?), confirming file integrity after transfer, deduplicating large file sets, or generating evidence-tracking values for legal chain-of-custody. Runs entirely in your browser using Web Crypto API + a local MD5 implementation.

How to hash a file

  1. 1

    Drop the file

    Any file type, any size up to a few GB. The page reads the file into memory and starts hashing.

  2. 2

    All 4 hashes compute in parallel

    MD5 first (fastest), then SHA-1, SHA-256, SHA-512 in order. For a 100 MB file, all four finish in a couple seconds on modern hardware.

  3. 3

    Copy any value

    Each hash has a Copy button. Paste into your downloads-verification page, your chain-of-custody log, or your deduplication script.

When you'd hash a file

Download verify

Confirming a download wasn't corrupted

Many open-source projects publish SHA-256 checksums alongside downloads. Hash your downloaded file, compare to published value — if they match, file is intact and unaltered.

Forensics

Evidence chain-of-custody

Legal evidence (logs, photos, documents) needs hash values recorded at each handoff to prove no tampering. SHA-256 is the most commonly required for court submissions.

Dedupe

Finding duplicate files

Hashing 1,000 photos to find duplicates is faster than visually comparing them. Same hash = same file, regardless of name or path.

Backup verify

Confirming backup integrity

Hash file before backup, hash again after restore. Match = backup worked, file integrity preserved.

Software dev

Lockfile content addressing

Package managers use file hashes to verify downloaded dependencies match expected versions. Useful for security audits of supply chain.

Security

Checking against known-bad hashes

VirusTotal and other security services accept SHA-256 lookups. Hash a suspicious file, check if it's a known malware variant before opening.

Which algorithm when

  • MD5 (128-bit)

    Best for: Quick dedup, file-id mapping. Fast. NOT for security.

    Watch out: Cryptographically broken since 2004 — collisions can be engineered. Don't use for verifying authenticity.

  • SHA-1 (160-bit)

    Best for: Git commit IDs, legacy chain-of-custody. Moderately fast.

    Watch out: Also broken (collisions demonstrated 2017). Migrate to SHA-256 for new use.

  • SHA-256 (256-bit)

    Best for: Most modern use cases — downloads verification, evidence, certificates. Safe.

    Watch out: Slightly slower than MD5/SHA-1 but still very fast. Use this by default.

  • SHA-512 (512-bit)

    Best for: Long-term archival, high-security contexts. Future-proof.

    Watch out: Roughly same speed as SHA-256 on 64-bit hardware. Use when paranoid; SHA-256 is usually enough.

Hash tips

  1. 01

    Hashes are deterministic — same file always = same hash

    If you hash the same file twice and get different values, the file is being modified between hashes (e.g., a log file being written to). Hash a copy in a frozen state.

  2. 02

    Hex vs base64 representations

    Most published checksums use hex (lowercase, 64 chars for SHA-256). Some Git/HTTP headers use base64. They represent the same hash — just different encodings.

  3. 03

    Whitespace and line endings matter for text

    If you're hashing text files (config, source code), Windows CRLF vs Unix LF line endings produce different hashes. Normalize line endings first or hash the binary contents.

  4. 04

    Large file hashing is memory-bound

    Above ~1 GB, browser memory becomes the bottleneck. Use a CLI tool (`shasum`, `sha256sum`) for hashing huge files.

Keep going

Related tools

No signup. No upload. Just the result.

Local only

Files never leave your browser.

Everything runs locally in this tab. Nothing uploads, nothing stores on a server, nothing indexes.

Ready in seconds

Fast — no queues, no ads.

No progress bars stuck at 99%, no rate limits, no 'please wait' screens. Drop, click, done.

On Pro

Branded delivery, when needed.

When the free tool isn't enough, deliver from files.your-agency.com — password and view analytics included.

More free tools for the handoff.

View all

ZIP File Creator

Eliminates manual zipping steps when sending multiple files to clients.

Compression Toolkit

Lets users actually compress files right away instead of guessing output ranges.

Client Delivery Email Generator

Saves time and reduces confusion in client handoffs by standardizing delivery messages.

PDF Compressor

Helps users send oversized PDFs that fail email and portal upload limits.

PDF Merge

Most PDF merge tools upload your sensitive documents to a server. Ours never does — everything happens in your browser with pdf-lib.

PDF Split

Extracting pages from a PDF usually requires uploading to a third party. This tool does it locally in your browser.

Frequently asked

No. Hashing happens in your browser using the Web Crypto API (window.crypto.subtle). The file never leaves your device.

SHA-256 for most modern use cases (security, integrity verification). MD5 is faster but cryptographically broken — only use for non-security uses like deduplication. SHA-1 is also broken; use SHA-256 or SHA-512 instead.

Limited by browser memory. Most browsers handle 1-2GB files comfortably for hashing (it's a streaming operation, not loading the whole file into memory).

Modern browsers with Web Crypto API are typically 60-80% of native command-line speed (e.g., `sha256sum`). For a 1GB file: ~5-10 seconds in browser, ~3-5 seconds command line.

Yes. Many software downloads publish their SHA-256 hash. Hash your downloaded file with this tool and compare to the published hash — they should match exactly.