#️⃣

Hash & Checksum Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes from text or files, and verify a download against its published checksum — 100% in your browser.

Text Input
Or Hash a File
📂 Click to choose a file or drag & drop here
The file is read locally — it is never uploaded.
Hashes
Verify a Checksum

About the Hash Generator

A cryptographic hash is a fixed-length fingerprint of data: change one byte of the input and the hash changes completely. IT professionals use hashes to verify that a downloaded ISO or installer was not corrupted or tampered with, to compare files without transferring them, and to reference malware samples by SHA-256 in security reports. This tool computes SHA-1, SHA-256, SHA-384 and SHA-512 using your browser’s built-in Web Crypto API — text and files are processed entirely on your device.

To verify a download, paste the checksum published on the vendor’s site into the verify box, then drop the downloaded file above. The tool compares it against every computed hash and tells you whether it matches. Note that MD5 is not offered because the Web Crypto API deliberately excludes it — it has been cryptographically broken since 2004. If a vendor only publishes MD5, treat that as a red flag and prefer their SHA-256 value.

How to Use This Tool

1
Type or paste text, or drop a file onto the tool — hashing runs locally with the WebCrypto API, so files are never uploaded.
2
Read the SHA-1, SHA-256, SHA-384 and SHA-512 digests, computed simultaneously.
3
To verify a download, paste the checksum from the vendor's site into the Expected hash field — the tool compares it against the computed value and shows a clear match/mismatch verdict.
4
Copy any digest with one click for documentation or change records.

Common Use Cases

  • ⬇️
    Verifying downloads. Check an ISO, driver package or installer against the vendor's published SHA-256 before running it — corrupted or tampered files announce themselves immediately.
  • 🗃️
    Evidence and chain of custody. Hash a log export or disk image when it's collected, so you can later prove it hasn't changed.
  • 🔁
    Duplicate detection. Two files with the same SHA-256 are the same file — faster and more reliable than comparing contents by eye.
  • 📋
    Change documentation. Record the hash of a config file or firmware image in the change ticket, and diff-by-hash at the next audit.
  • 🧪
    Development and APIs. Generate a known-good digest when testing webhook signatures, cache keys or content-addressed storage.

Common Uses

  • 💿
    Verify ISO downloads. Compare your downloaded Windows or Linux image against the published SHA-256 before installing.
  • 🛡️
    Security triage. Hash a suspicious attachment and search the SHA-256 on VirusTotal without uploading the file itself.
  • 📋
    Change evidence. Record a config file’s hash before and after maintenance to prove what changed.
  • 🔁
    Duplicate detection. Two files with the same SHA-256 are the same file, regardless of name or timestamp.

Frequently Asked Questions

The vendor only published an MD5 checksum — is that still useful?
For accidental corruption, yes — a download that matches the MD5 almost certainly transferred intact. For security, no: MD5 collisions are practical to construct, so it proves nothing against deliberate tampering. Prefer the SHA-256 value whenever one is offered.
Can I get the original file back from its hash?
No — a hash is a one-way fingerprint, not encryption. Every input produces a fixed-size digest and there is no reverse operation. That's also why password systems store (salted) hashes rather than passwords: verification is possible, recovery is not.
Is my file uploaded anywhere?
No. The file is read with the browser’s FileReader API and hashed with crypto.subtle.digest on your own device. Nothing is transmitted, which is why this works offline once the page is cached.
Which algorithm should I use?
SHA-256 is the standard choice for file verification today. SHA-1 is provided only because some vendors still publish it — it is deprecated for security purposes. SHA-512 is common on Linux distribution mirrors.
Can I hash very large files?
The file is loaded into memory in one pass, so the practical limit depends on your device — multi-gigabyte files work on most modern desktops but may be slow on phones.