File Hash & Checksum (MD5, SHA-256…)

Get the MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksum of any file to verify downloads. Files are read in your browser and never uploaded.

Runs in your browser — nothing uploaded
Drop a file here, or click to choose
Any file type · stays in your browser

Compute the MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksum of any file to confirm a download is genuine and complete. Drop a file in, compare it against a published hash, and copy the result — all in your browser, with nothing uploaded.

Private by design — your data never leaves your device

How to use it

No account, no upload — it all happens on your device.

1
Drop a file onto the box, or click to choose one.
2
The MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksums compute instantly.
3
Optionally paste an expected checksum to verify — a match is highlighted.
4
Copy any hash with one click.

Verifying a download

The point of a checksum is trust.

  • Integrity. A matching hash means not one byte changed in transit — no corruption, no truncated download.
  • Authenticity. If the site serves its checksum over HTTPS (or signs it), a match means you have the exact file the author published, not a swapped or backdoored copy.
  • Speed. All five hashes are computed in one pass in your browser, so you can match whatever format a site provides.

MD5 and SHA-1: still useful, not secure

MD5 and SHA-1 can be deliberately collided by an attacker, so they should not be relied on to prove a file wasn't maliciously altered. They're fine for catching accidental corruption and for matching legacy checksums. For security, prefer SHA-256 or stronger.

Frequently asked

What is a checksum used for?
A checksum (hash) is a fingerprint of a file's exact bytes. Software sites publish one so you can confirm your download arrived complete and untampered: compute the hash locally and check it matches the published value. A single changed byte produces a completely different hash.
Which algorithm should I use?
Use SHA-256 unless a site tells you otherwise — it's the modern standard. MD5 and SHA-1 are still common for compatibility but are cryptographically broken for security purposes; treat a match on those as an integrity check, not a security guarantee.
Is my file uploaded?
No. The file is read into memory and hashed in your browser with the Web Crypto API (and js-md5 for MD5). Nothing is uploaded — you can even use this offline.

Related tools

JSON Formatter & BeautifierFormat, beautify, and validate JSON instantly in your browser. Your data never leaves your device.JWT Decoder & VerifierDecode and verify JSON Web Tokens (JWT) in your browser. HS256, RS256, ES256 supported. Tokens and keys never leave your device.Base64 Encoder & DecoderEncode text to Base64 or decode Base64 back to text instantly in your browser. Unicode-safe. Nothing is uploaded.