Home All Algorithms File Hash bcrypt Verify Hash Blog MD5 SHA-1 SHA-256 SHA-512 FAQ More Tools
Hash verification · Auto-detects algorithm

Verify a hash
against text or file

Paste a hash you got from somewhere (a download page, a security advisory, a colleague) and check whether your text or file produces that exact value. The algorithm is detected automatically from the hash format and length — MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, CRC-32, Adler-32, FNV-1a, DJB2.

1. Text to hash
1. File to verify
Drop a file here, or click to browse
Hash is computed locally — file never leaves your device
filename.ext
size: 0 B
Reading…0%
2. Expected hash to check against — auto-detect —
Comparison is case-insensitive
How verification works
A hash is a fingerprint

Verification re-computes the hash of your input and compares it byte-by-byte (well, character-by-character) with the value you supplied. Same input + same algorithm = same hash, every time. If even one byte of input differs, the resulting hash is completely different.

📥

Verify downloaded files

A publisher lists a SHA-256 next to a download. Drop the downloaded file here, paste the published hash, and check — same hash means the download is authentic and intact.

🔍

Auto-detection

Hash algorithm is detected from length: 32 chars = MD5, 40 = SHA-1, 56 = SHA-224, 64 = SHA-256, 96 = SHA-384, 128 = SHA-512, 8 chars = CRC-32/Adler-32/FNV-1a/DJB2 (those four collide on length so all are tried).

🎯

Force a specific algorithm

For the 8-character non-cryptographic hashes (CRC-32, Adler-32, FNV-1a, DJB2), use the dropdown to specify exactly which one. Otherwise the tool reports all four if any match.

📁

Text or file

Switch between Text mode (verify a known string) and File mode (verify a file's checksum). File verification matches what sha256sum, md5sum, and CertUtil produce on the command line.

🔒

All client-side

The hash is computed in your browser using the Web Crypto API and a small amount of pure JavaScript. Your text, file, and the hash you paste — none of it is uploaded.

Instant feedback

For text, results appear in milliseconds. For large files (hundreds of MB), the file is read once and all matching algorithms are computed — typically under a second on modern hardware.

FAQ
Hash verifier FAQ
How do I verify a hash online for free?
Paste your text or drop your file in the first input, paste the expected hash value in the second, and click Verify Match. The tool detects the algorithm automatically from the hash length, recomputes the hash from your input, and tells you whether they match — all in your browser, no upload.
How does the tool know which hash algorithm to use?
Each algorithm produces a hash of a unique length when displayed in hexadecimal: MD5 is 32 characters, SHA-1 is 40, SHA-224 is 56, SHA-256 is 64, SHA-384 is 96, and SHA-512 is 128. The tool uses the length to pick the right algorithm. For 8-character hashes (CRC-32, Adler-32, FNV-1a, DJB2), the tool tries all four and reports any match — or you can force a specific algorithm with the dropdown.
My downloaded file's hash doesn't match the published one — what does it mean?
Most likely the file was corrupted in transit (download incomplete or damaged) — try downloading again. Other possibilities: (a) you have a different version than the published hash refers to, (b) line-ending or BOM differences for text files, (c) you're hashing the file inside an archive vs the archive itself, (d) the file has been tampered with, or (e) the publisher updated the file without updating the hash. A mismatch always means something is different; whether to trust the file depends on context.
Can I verify SHA-256 hashes from Linux ISO downloads?
Yes. The SHA-256 produced here is byte-identical to what sha256sum on Linux or shasum -a 256 on macOS produces. Drop the ISO into the File tab, paste the SHA-256 from the publisher's website, and verify. This is the standard way to confirm Ubuntu, Fedora, Debian, and other Linux ISO downloads are authentic.
Is hash verification case-sensitive?
The hash comparison here is case-insensitive — pasting all uppercase, all lowercase, or mixed case all work the same. This is because hexadecimal A-F and a-f represent the same bytes. The input text or file is always case-sensitive (text comparison is byte-exact).
What's the difference between a hash and an HMAC?
A plain hash (like SHA-256) of an input produces a deterministic fingerprint. An HMAC (Hash-based Message Authentication Code) additionally uses a secret key — only someone with the key can produce or verify the HMAC. This tool verifies plain hashes only. For HMAC verification, you'd need the secret key plus the same algorithm and would compare HMAC(key, message) against the expected MAC value.
Can I verify a bcrypt or Argon2id password hash here?
No — bcrypt and Argon2id are password hashing functions with embedded salts and cost factors. They need a different verification flow (you check a password against the hash, not whether two values match). For bcrypt verification, use our dedicated bcrypt verifier page. The tool here detects bcrypt format ($2a$/$2b$/$2y$) and redirects you to the right page.
Is my data safe? Where does my file go when I verify it?
Your data is safe — it never leaves your browser. The hash is computed locally using the Web Crypto API and pure JavaScript. There are no server uploads, no logging, no tracking of what you verify. You can confirm this by opening browser DevTools, switching to the Network tab, and running a verification — you'll see zero outgoing requests carrying your data.
Our Network
UUIDCore.com PasswordStrength.net Base64Decode.tools Base64Encode.tools URLEncodeDecode.com WordCounterFree.com SquareFootageCalculator.com BestPercentageCalculator.net TheAgeCalculator.net