The file is read locally — it is never uploaded.
About the Hash Generator
A cryptographic hash is a fixed-length fingerprint of data: change one byte of the input and the hash changes completely. IT professionals use hashes to verify that a downloaded ISO or installer was not corrupted or tampered with, to compare files without transferring them, and to reference malware samples by SHA-256 in security reports. This tool computes SHA-1, SHA-256, SHA-384 and SHA-512 using your browser’s built-in Web Crypto API — text and files are processed entirely on your device.
To verify a download, paste the checksum published on the vendor’s site into the verify box, then drop the downloaded file above. The tool compares it against every computed hash and tells you whether it matches. Note that MD5 is not offered because the Web Crypto API deliberately excludes it — it has been cryptographically broken since 2004. If a vendor only publishes MD5, treat that as a red flag and prefer their SHA-256 value.
How to Use This Tool
Common Use Cases
- Verifying downloads. Check an ISO, driver package or installer against the vendor's published SHA-256 before running it — corrupted or tampered files announce themselves immediately.
- Evidence and chain of custody. Hash a log export or disk image when it's collected, so you can later prove it hasn't changed.
- Duplicate detection. Two files with the same SHA-256 are the same file — faster and more reliable than comparing contents by eye.
- Change documentation. Record the hash of a config file or firmware image in the change ticket, and diff-by-hash at the next audit.
- Development and APIs. Generate a known-good digest when testing webhook signatures, cache keys or content-addressed storage.
Common Uses
- Verify ISO downloads. Compare your downloaded Windows or Linux image against the published SHA-256 before installing.
- Security triage. Hash a suspicious attachment and search the SHA-256 on VirusTotal without uploading the file itself.
- Change evidence. Record a config file’s hash before and after maintenance to prove what changed.
- Duplicate detection. Two files with the same SHA-256 are the same file, regardless of name or timestamp.