File Hash Calculator
Calculate SHA-1, SHA-256, SHA-512 hashes for any file. Verify file integrity.
Click to select a file
Calculate cryptographic hashes
Common Use Cases:
- Verify downloads: Compare hash with the one provided by the software publisher
- Detect tampering: Check if a file has been modified
- File integrity: Ensure files weren't corrupted during transfer
- Duplicate detection: Identical files produce identical hashes
Generate cryptographic hashes (SHA-1, SHA-256, SHA-512) for any file to verify integrity, detect tampering, or compare files. All calculations happen in your browser.
A cryptographic hash is a fixed-length fingerprint of a file. Change one byte and the hash changes completely, which is why hashes are the standard way to verify a download hasn't been corrupted or tampered with. Distributors publish the expected SHA-256 on a release page; you compute the hash of the file you downloaded and compare. Match means identical file; mismatch means something is wrong — partial download, mirror issue, or an attacker substituting a modified binary.
This calculator computes SHA-1, SHA-256, and SHA-512 (plus MD5 for legacy verification) entirely in your browser via the Web Crypto API. The file is read in chunks so even multi-gigabyte ISOs don't exhaust memory, and the bytes never leave your machine. This matters when the file is confidential — computing the hash of an internal build artifact on someone else's server would defeat the point.
SHA-256 is the right default for most use cases: it's cryptographically strong, widely published alongside downloads, and fast enough on modern hardware. SHA-1 is still seen on older release pages but is collision-broken and shouldn't be used for new security decisions. MD5 is broken — useful only as a quick non-security checksum, like detecting duplicate files.
- 1
Select a file
Drop a file into the dropzone or click to browse. Any file type works — ISOs, binaries, PDFs, archives, source code.
- 2
Pick hash algorithms
Toggle SHA-256 (default), SHA-1, SHA-512, and MD5. The calculator computes all selected hashes in a single pass over the file.
- 3
Compare against the expected hash
Paste the publisher's expected hash into the verify field. The tool compares constant-time and shows match or mismatch clearly.
Verifying downloaded software
Confirm a Linux ISO, installer, or Docker image matches the SHA-256 published on the vendor's site before running it.
Release artifact audits
Check that a binary a CI pipeline produced matches the hash recorded in the release notes or the signature manifest.
Detecting duplicate files
Hash two suspected duplicates — if the SHA-256 matches, they're byte-identical regardless of filename or modification time.
Chain-of-custody evidence
Forensic and legal workflows rely on hashes to prove a file hasn't been modified between collection and examination.
Which hash algorithm should I use?
SHA-256 for almost everything. It's strong, widely supported, and fast. SHA-512 is marginally faster than SHA-256 on 64-bit hardware with very large files. Avoid SHA-1 and MD5 for anything security-sensitive — both have practical collision attacks.
Is my file uploaded anywhere?
No. Hashing runs in your browser via the Web Crypto API. The file is read in chunks from local disk — none of its bytes are sent over the network.
Why are MD5 and SHA-1 still common?
Inertia, mostly. They're fast and produce short hashes, so old tools, torrents, and legacy systems still publish them. For non-security uses like integrity checks against random corruption, they're fine. For anything where an attacker might tamper with the file, use SHA-256.
How large a file can I hash?
Files up to a few gigabytes hash without issue because the calculator reads in chunks rather than loading the whole file into memory. Expect a few seconds per gigabyte on modern hardware.
Do two files with the same hash always have identical contents?
For SHA-256 and SHA-512, yes in practice — the odds of a coincidental collision are astronomically small. For MD5 and SHA-1, collisions have been constructed deliberately, so a matching hash is strong evidence but not absolute proof.