SECURITY · 4 ALGORITHMS · NOTHING UPLOADED

File Hash Integrity Checker

Select any file to compute its SHA-256, SHA-512, SHA-1, and MD5 hashes — then paste the checksum from the download page to verify the file wasn't corrupted or tampered with. Hashing happens on your device; the file is never uploaded.

How verification works: the site you downloaded from publishes the file's expected hash. You compute the hash of your copy here and compare. If even one bit of the file changed — corruption, truncation, or tampering — the hash is completely different.

Infographic: file hash verification — the file passes through SHA-256 producing a fingerprint; matching the published checksum proves the file is intact
The avalanche effect: flip one bit anywhere in the file and the entire fingerprint changes.

Which hash algorithm should you use?

AlgorithmStatusUse for
SHA-256Current standardVerifying downloads, releases, backups — the default choice
SHA-512SecureSame as SHA-256; faster on some 64-bit systems
SHA-1Broken for securityOnly matching legacy published checksums — collisions are practical
MD5Broken for securityOnly accidental-corruption checks against old MD5 sums

If a download page offers multiple checksums, always verify against SHA-256 or SHA-512. MD5 and SHA-1 still detect accidental corruption, but an attacker can forge files that match them.

Frequently asked questions

What is a file hash or checksum?

A fixed-length fingerprint computed from a file's contents. Change one bit of the file and the hash changes completely. Publishers list the expected hash so you can verify your downloaded copy is exactly the file they released — not corrupted, not tampered with.

Is my file uploaded when I hash it here?

No. The file is read into your browser's memory and hashed locally using the Web Crypto API. Nothing is transmitted — you can disconnect from the internet after loading the page and hashing still works.

Why are MD5 and SHA-1 considered insecure?

Researchers can create two different files with the same MD5 or SHA-1 hash (a collision), so a matching hash no longer proves the file is authentic against a deliberate attacker. They remain fine for detecting accidental corruption. Use SHA-256 whenever the publisher offers it.

The hashes don't match — what should I do?

Delete the file and re-download it; most mismatches are interrupted or corrupted downloads. If a fresh download from the official source still mismatches, don't run the file — it may have been tampered with — and report it to the publisher.

Related free tools

SECURITY

Password Generator

Cryptographically random passwords, generated locally.

ENCODER

Base64 Encoder/Decoder

Encode and decode Base64 text.