File Hash Calculator

How to use

1. Drop a file into the dashed box or click browse to pick one.
2. Wait a moment while MD5, SHA-1, SHA-256, and SHA-512 are computed in your browser.
3. Copy any individual hash with its Copy button.
4. Paste a published checksum into the Verify box to confirm it matches.

What does it do?

The tool reads your file locally and produces four industry-standard digests at once — MD5, SHA-1, SHA-256, and SHA-512. Use SHA-256 for anything new; use MD5 or SHA-1 only when the publisher you are verifying against still publishes them. The Verify box accepts any hex string and tells you which of the four algorithms (if any) it matches, so you do not need to know ahead of time which one a project used.

Example

Hashing the file ubuntu-24.04.1-desktop-amd64.iso (6,114,656,256 bytes) produces:

MD5     e3a5c61d27d541e09ef0e894c514ad54
SHA-1   0bc9a82a4f7fc19f97cefc8a62e5ef10d2d65f80
SHA-256 c2e6f4dbefb08d47d3e3b41e4bcadce9dcebdf3a47f8c08390d6b8b10b35b1ab
SHA-512 bd4a8f30...d14e97c2 (128 hex chars)

Paste Ubuntu's published SHA-256 line from SHA256SUMS into the Verify box and you should see a match.

Why does my SHA-256 hash differ from what the server reports?

A few common causes of hash mismatches and limits worth knowing:

• Wrong file boundary. Hashing archive.zip vs one file inside it gives different digests. Publishers usually hash the outer archive.
• Line-ending rewrites. Git on Windows with core.autocrlf=true changes \n to \r\n on checkout, so the working-tree file no longer matches the upstream hash. Check out with core.autocrlf=false or download the raw blob.
• Hex vs Base64. sha256sum outputs hex. Some S3 ETags or signed manifests ship Base64. Pasting one where the other is expected always fails.
• Browser memory limits. The SHA family reads the file fully into an ArrayBuffer, so a 4 GB ISO may OOM a mobile browser. Try on desktop or use sha256sum on the command line for very large files.
• Comparing across algorithms. A SHA-256 (64 hex chars) is not comparable to a SHA-1 (40 chars). Match the algorithm length before you even look at the content.
• Trailing whitespace when pasting. A newline copied along with the hex digest makes the string 65 chars instead of 64. Trim before comparing.

Is my data private?

Yes — this matters a lot for a hashing tool. We don't save the file you drop here, and we don't keep the hash that gets produced either. Nothing is stored, logged, or retained — everything is discarded the moment you close or refresh the tab. Drop a private key, a signed PDF, or a full disk image with confidence. You're welcome to verify in your browser's developer tools.

Frequently asked questions

What is the difference between MD5, SHA-1, SHA-256, and SHA-512?

They differ in output length and collision resistance. MD5 is 128 bits, SHA-1 is 160, SHA-256 is 256, SHA-512 is 512. MD5 and SHA-1 are broken against deliberate collision attacks, so they should not be used for signatures or password storage — but they are still fine for verifying an accidentally corrupted download. SHA-256 is the modern default, SHA-512 is used where a longer digest is required.

Why does my SHA-256 hash differ from what the server reports?

Usually one of three causes: the file was modified on download (a CDN transcoded it, an antivirus scanner added a footer, or Git changed line endings on Windows); the publisher hashed the archive but you hashed the extracted file (or vice versa); or you are comparing hex against Base64. Recompute on both ends with the same tool and check the file size first — if the bytes differ, the hash will too.

Is there a file size limit?

The limit is your browser's memory, not the tool. The SHA family here reads the whole file into an ArrayBuffer to pass to the Web Crypto API, which practically caps at a few GB on most desktops and much less on phones. MD5 is streamed in 4 MB chunks so it tolerates larger files, but the overall workflow is memory-bound.

Does this match sha256sum or PowerShell Get-FileHash?

Yes. Running sha256sum file.iso on Linux/macOS or Get-FileHash -Algorithm SHA256 file.iso in PowerShell 5+ produces the same lowercase hex digest this tool outputs. If you see a mismatch, verify you are hashing the same bytes — PowerShell defaults to SHA-256 and sha1sum / md5sum exist as siblings for the other algorithms.

Is this tool suitable for verifying Linux ISO downloads?

Yes, that is exactly the intended use. Drop the ISO in, wait for SHA-256 to finish, and paste the expected value from the distro's checksums file into the "Verify against a known hash" box. A match proves the bytes on disk are identical to the ones the publisher signed. Always double-check the checksums file itself via a signature (GPG) when possible.

Do you save the files I hash here?

No. We don't save the file you drop in, and we don't keep the hash we produce either. Everything is discarded as soon as you close or refresh the page — no logs, no record of what you hashed. You can drop a sensitive file with confidence, and verify in your browser's developer tools if you'd like.

Related tools

• Base64 Encoder / Decoder — convert a Base64 digest to hex or vice versa for comparison.
• Password Generator — when you need a random secret instead of a deterministic hash.
• UUID Generator — for file identifiers that do not need to be content-derived.
• Diff Checker — compare two checksum files side by side to spot which hash changed.
• Regex Tester — validate that a pasted string is a 64-char hex SHA-256 before you trust it.
• All text & developer tools