ToolsOps

Security

Hash and checksum calculator (SHA-256, MD5, SHA-512)

Hash text or files in your browser. The calculator supports SHA-256, SHA-1, SHA-384, SHA-512 and MD5, with hex or base64 output. It includes a field to paste an expected checksum and verify a match, useful when checking official downloads (.iso, Docker images, signed releases). The data you enter never leaves your browser: everything is computed locally, SHA-* via Web Crypto API and MD5 via local JavaScript.

Source
AlgorithmSelect the hash algorithm

32 bytes (64 hex chars). The current standard for integrity and signing. It is what most mirrors and release notes publish.

For storing passwords never use a plain hash: use bcrypt, scrypt or argon2 with an explicit cost. Plain SHA-256 is far too fast and enables dictionary attacks.

0 characters · 0 bytes UTF-8

Encoded as UTF-8 before hashing. The computation happens in your browser.

Computed hash
Encoding
Case
No hash yet. Enter text or choose a file.

Whitespace, line breaks and casing are ignored. The comparison happens locally; nothing is sent to a server.

Paste an expected hash to verify integrity.

Only the algorithm, mode, encoding and casing go into the URL. Text, file and expected hash are NEVER added to the URL.

How to verify the integrity of a download

A hash function maps any-size input to a fixed-length output (16 bytes for MD5, 32 for SHA-256). The same input always produces the same output and a tiny change in input flips most output bits (avalanche effect). That is why a hash works as a content fingerprint.

The most common case: a distro download page publishes the SHA-256 of the .iso. You download it, compute the SHA-256 locally, and check it matches the published value. If it matches, the file is intact. If not, it was corrupted, tampered with, or you got the wrong build.

Available algorithms and what to use each one for.
AlgorithmDigest lengthRecommended use
MD516 bytes (32 hex)Non-security checksums. Detecting accidental corruption. Do NOT use for anything requiring cryptographic security.
SHA-120 bytes (40 hex)Legacy compatibility (Git internals, older systems). Do NOT use for new signatures or authentication.
SHA-25632 bytes (64 hex)Current standard for integrity and signing. Recommended default.
SHA-38448 bytes (96 hex)SHA-2 variant used in TLS and some Subresource Integrity profiles.
SHA-51264 bytes (128 hex)Longer SHA-2 variant. Common in Linux distros and modern GPG signatures.

Privacy and local computation

The data you enter never leaves your browser. SHA-* algorithms run locally with Web Crypto API; MD5 runs with local JavaScript code. No text input, selected file, or expected checksum is sent to a server. Verify it by opening DevTools on the Network tab: you will not see any request that carries that data.

When NOT to use MD5

MD5 has been cryptographically broken for over a decade. Generating collisions (two different files with the same MD5) is trivial. Do not use it for:

  • Integrity verification when an attacker could tamper with the file (use SHA-256 minimum in that case).
  • Password storage (plain hashes are not suitable, use bcrypt, scrypt, or argon2, never SHA or MD5).
  • Signatures.
  • It is reasonable only for detecting accidental corruption in non-security downloads published with legacy MD5.

Passwords do not go through this tool

For storing passwords, no plain hash function is suitable, not even SHA-256 or SHA-512. The reason: they are designed to be very fast, which helps an attacker brute-force billions of guesses per second against a stolen hash. For passwords, use deliberately slow functions with mandatory salt:

  • bcrypt: historical standard, widely available.
  • scrypt: memory-hard, mitigates specialized hardware attacks.
  • argon2: winner of the 2015 Password Hashing Competition, current recommendation.

Real-world use cases

  • Verifying a downloaded ISO: paste the SHA-256 published by the distro into 'Expected hash' and drop the file into the dropzone.
  • Comparing two versions of a file: hash each with SHA-256, then compare the resulting digests.
  • Building a Subresource Integrity manifest: use SHA-256 or SHA-384 with base64 output to assemble the `integrity` attribute.
  • Detecting corruption after a copy: hash source and destination with SHA-256; matching digests confirm a byte-identical copy.

Examples

  • e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855Empty string with SHA-256
  • ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015adText 'abc' with SHA-256
  • 900150983cd24fb0d6963f7d28e17f72Text 'abc' with MD5
  • Paste the published SHA-256 into 'Expected hash' and drop the downloaded file.Verifying a Debian ISO
  • Hash each version with SHA-256 and compare the resulting digests visually or via the expected field.Comparing two versions of a file

Frequently asked questions

Does my data leave the browser?
No. Hashes and checksums are computed in your browser via Web Crypto API (for SHA-*) or local JavaScript (for MD5). The text you type, the files you drop, and the expected checksum never reach a server. You can confirm by opening DevTools on the Network tab while you use the tool: there are no requests that carry the input, the file, or the checksum.
Why is there a warning on MD5?
MD5 is cryptographically broken. Practical collision attacks exist (two different files producing the same MD5). It is still useful for detecting accidental corruption in downloads, but not safe for integrity against attackers, password storage, or signatures. Use SHA-256 or higher for integrity and signatures. For passwords, use bcrypt, scrypt, or argon2: plain hashes (including SHA-256 and SHA-512) are not suitable.
What file size can I hash?
It depends on the browser, the device, and available memory. SHA-* algorithms (Web Crypto API) require loading the whole file into memory, so a 200 MB file uses at least 200 MB of RAM during the computation. The calculator shows a warning starting at 100 MB and a stronger notice above 256 MB; on modest mobile devices the thresholds are halved. For very large files routinely, use `sha256sum` or `Get-FileHash` in a local terminal.
What is the difference between SHA-1 and SHA-256?
SHA-1 produces 160 bits (40 hex chars); SHA-256 produces 256 bits (64 hex chars). SHA-1 has been deprecated for security cryptography since 2017, when Google and CWI published a real-world collision. SHA-256 is still considered safe and is the current standard for integrity and signatures. Git uses SHA-1 internally for commit identifiers for historical compatibility.
What is the 'Expected hash' field for?
It is the most common real use case: a vendor publishes the expected SHA-256 (or MD5) of a file (a Debian ISO, for instance), you download it, and want to confirm it was not corrupted or altered. Paste the published hash and the result tells you 'Match' or 'Mismatch'. Comparison ignores whitespace and case.
Why are results always the same length?
A hash function always produces a fixed-length output regardless of input size. SHA-256 is always 256 bits (64 hex), MD5 is always 128 bits (32 hex), SHA-512 is always 512 bits (128 hex). That is why a hash cannot be used to 'compress' data: output is fixed-size but input can be arbitrarily large, making it mathematically impossible to reconstruct the input.
Can I hash a password with this tool?
You should not. No plain hash is suitable for storing passwords, not MD5, not SHA-256, not SHA-512: they are designed to be fast, which helps an attacker brute-force any stolen hash. For password storage, use deliberately slow functions with mandatory salt: bcrypt, scrypt, or argon2. This calculator is meant for file checksums and integrity verification, not password storage.
Hex or base64, which one?
Hex (default) is the standard format in `sha256sum`, software releases, certificates and most docs. Base64 is more compact and appears in some protocols, HTTP Subresource Integrity headers, or APIs, or where you need the digest as a shorter string. The calculator offers a toggle.