How do I check the SHA-256 / MD5 checksum of a file? ▾
Drag your file onto the drop zone above, or click to browse. The file is read into your browser's memory and hashed with all 10 algorithms. The SHA-256, MD5, and other hashes appear in the results section below. Compare the value to the published checksum (often shown next to download links on software vendor sites) to verify the file is authentic and undamaged.
Does my file get uploaded when I hash it? ▾
No. Your file never leaves your device. The hash calculation uses your browser's built-in FileReader and Web Crypto APIs to process the file entirely in memory. You can verify this yourself: open browser DevTools, go to the Network tab, hash a file, and you will see zero outbound requests. This makes the tool safe for confidential, proprietary, or sensitive files.
What is the largest file I can hash here? ▾
There is no fixed limit set by us. The practical maximum depends on your device's available memory because the file is loaded into a single in-memory buffer. Most modern laptops handle files up to ~500 MB without issue. For files larger than 1-2 GB, you may hit browser memory limits — in that case, use a command-line tool like sha256sum (Linux/macOS) or CertUtil (Windows).
How long does it take to hash a large file? ▾
Hashing speed depends on the file size and your CPU. A typical modern laptop hashes at 200-500 MB/s in pure JavaScript (Web Crypto API), so a 100 MB file takes about 0.2-0.5 seconds. Most of the time for large files is spent reading the file into memory, not the hashing itself. The progress bar above shows the read progress.
Do the hashes match command-line tools like sha256sum or CertUtil? ▾
Yes — exactly. The SHA-256 produced here is byte-identical to the output of sha256sum (Linux/macOS), shasum -a 256 (macOS), or CertUtil -hashfile filename SHA256 (Windows) for the same file. Same for MD5 (md5sum, md5, CertUtil MD5), SHA-1 (sha1sum, CertUtil SHA1), and SHA-512 (sha512sum, CertUtil SHA512).
Why is my file's hash different from what is published on the download page? ▾
Most common causes: (1) the file is corrupted (incomplete download, transfer error, disk error) — try downloading again, (2) the file is a different version or build than the one the hash was published for, (3) the file has been tampered with, (4) you're comparing different algorithms (e.g., your SHA-256 with their SHA-1), (5) you're comparing a hash of the file's content against a hash of a zip/tar containing the file, or (6) line-ending or BOM changes for text files.
Can I hash multiple files at once? ▾
Not currently — this tool hashes one file at a time but computes all 10 algorithms in a single pass. For batch hashing of many files, use a command-line tool: `find . -type f -exec sha256sum {} +` on Linux/macOS, or `Get-ChildItem -File -Recurse | Get-FileHash -Algorithm SHA256` in PowerShell on Windows.
What is the best hash algorithm to verify file integrity? ▾
SHA-256 is the recommended choice for file integrity verification in 2026. It is fast, secure, widely supported, and standard for download verification (Linux ISOs, software releases, cryptocurrency wallets, etc.). SHA-512 is a stronger alternative when extra security margin is desired. Avoid MD5 and SHA-1 for security-critical verification — they are vulnerable to deliberate tampering.
How can I tell if a file has been tampered with? ▾
Hash the file with SHA-256 and compare against the publisher's published SHA-256. If they match exactly (character by character), the file has not been modified since the publisher hashed it. If they differ even slightly, the file has been changed — through corruption, accident, or tampering. For maximum trust, get the published hash through a separate trusted channel (signed announcement, HTTPS site, cryptocurrency block, etc.) — if both the file and the hash come from the same compromised source, neither can be trusted.