Is my file uploaded anywhere?

No. Everything runs locally in your browser. The file is read using the FileReader API and hashed with the Web Crypto API. Your file never leaves your device — this is safe for sensitive or proprietary files.

Why is MD5 still shown if it is insecure?

MD5 is broken for cryptographic security (collision attacks are practical) but still widely used for detecting accidental file corruption, where collisions are not a concern. Many software download pages still publish MD5 checksums. The tool includes it for compatibility with those pages.

How large a file can I verify?

There is no hard size limit in the tool. Very large files (several GB) take longer to hash and require free RAM proportional to their size. Files up to a few hundred MB complete in a few seconds on most machines.

The hash does not match — what does that mean?

A mismatch means the file you downloaded differs from the one the publisher hashed. Possible causes: corruption during download, downloading from an unofficial mirror that serves a modified file, or a man-in-the-middle attack. Re-download from the official source and verify again.

How do I verify a checksum from the command line?

Linux/macOS: sha256sum filename or md5sum filename. Windows PowerShell: Get-FileHash filename -Algorithm SHA256. Both print the hash so you can compare it against the publisher's value.

What is the difference between MD5, SHA-1, SHA-256 and SHA-512?

All are hash functions but with different output lengths and security levels. MD5 (32 hex) and SHA-1 (40 hex) are cryptographically broken — do not use for security-sensitive verification. SHA-256 (64 hex) is the current standard for file integrity. SHA-512 (128 hex) provides higher security at the cost of a longer output.

🔏

File Checksum Verifier

Calculate and verify MD5, SHA-1, SHA-256 and SHA-512 checksums for any file. Compare against a known hash to verify integrity. Free, runs in your browser.

🔒 Security Tools Free Browser-based

Tool

Drop a file here or browse

Your file is never uploaded — hashes are computed in your browser

Algorithms to compute

MD5 SHA-1 SHA-256 SHA-512

What is a File Checksum?

A checksum (or hash) is a fixed-length fingerprint computed from a file's contents. Even a single changed byte produces a completely different hash. Software publishers provide checksums so you can confirm a downloaded file is authentic and was not corrupted or tampered with in transit.

Hash Algorithm Comparison

Algorithm	Output length	Security	Common use
MD5	128-bit (32 hex)	Deprecated for security	Legacy checksums, quick integrity
SHA-1	160-bit (40 hex)	Deprecated for security	Git commits, legacy systems
SHA-256	256-bit (64 hex)	Secure	File integrity, code signing
SHA-512	512-bit (128 hex)	Very secure	High-security file verification

How to Verify a Downloaded File Step by Step

Download the file from the official source.
Find the publisher's checksum — usually listed on the download page next to the file or in a separate .sha256 or CHECKSUMS.txt file.
Drop your downloaded file into this tool and select the same algorithm the publisher used (SHA-256 is the most common).
Compare the hash this tool generates against the publisher's hash — they must match character for character.
If they match: the file is intact and unmodified. If they do not match: re-download from the official source or try a different mirror.

From the terminal: sha256sum filename (Linux/macOS) or Get-FileHash filename (PowerShell on Windows) performs the same check without a browser tool.

File Checksum Verifier

What is a File Checksum?

Hash Algorithm Comparison

How to Verify a Downloaded File Step by Step

Frequently Asked Questions