File Hash & Checksum (MD5, SHA-256…)
Get the MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksum of any file to verify downloads. Files are read in your browser and never uploaded.
Runs in your browser — nothing uploaded
Drop a file here, or click to choose
Any file type · stays in your browser
Compute the MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksum of any file to confirm a download is genuine and complete. Drop a file in, compare it against a published hash, and copy the result — all in your browser, with nothing uploaded.
Private by design — your data never leaves your device
How to use it
No account, no upload — it all happens on your device.
1
Drop a file onto the box, or click to choose one.
2
The MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksums compute instantly.
3
Optionally paste an expected checksum to verify — a match is highlighted.
4
Copy any hash with one click.
Verifying a download
The point of a checksum is trust.
- Integrity. A matching hash means not one byte changed in transit — no corruption, no truncated download.
- Authenticity. If the site serves its checksum over HTTPS (or signs it), a match means you have the exact file the author published, not a swapped or backdoored copy.
- Speed. All five hashes are computed in one pass in your browser, so you can match whatever format a site provides.
MD5 and SHA-1: still useful, not secure
MD5 and SHA-1 can be deliberately collided by an attacker, so they should not be relied on to prove a file wasn't maliciously altered. They're fine for catching accidental corruption and for matching legacy checksums. For security, prefer SHA-256 or stronger.
Frequently asked
What is a checksum used for?
A checksum (hash) is a fingerprint of a file's exact bytes. Software sites publish one so you can confirm your download arrived complete and untampered: compute the hash locally and check it matches the published value. A single changed byte produces a completely different hash.
Which algorithm should I use?
Use SHA-256 unless a site tells you otherwise — it's the modern standard. MD5 and SHA-1 are still common for compatibility but are cryptographically broken for security purposes; treat a match on those as an integrity check, not a security guarantee.
Is my file uploaded?
No. The file is read into memory and hashed in your browser with the Web Crypto API (and js-md5 for MD5). Nothing is uploaded — you can even use this offline.