File Hash Checker

Generate and verify SHA-1, SHA-256, SHA-384, and SHA-512 hashes for files and text locally.

File Hash Checker

Drop a file or click to browse

Hashing is done locally in your browser

All hashing is performed locally · No files are uploaded

How to Use

Select a file or enter text

Choose a file to hash locally in the browser, or switch to text mode to hash a string.

Wait for hash computation

All four hash algorithms (SHA-1, SHA-256, SHA-384, SHA-512) are computed simultaneously.

Paste an expected hash to verify

Enter a known-good hash from a download page to confirm the file matches the expected checksum.

Copy the hash values

Copy any hash for documentation, comparison scripts, or sharing with others for verification.

What is a File Hash?

A cryptographic hash is a fixed-length fingerprint of a file or message. Even a tiny change to the input completely changes the hash output. Hashes are used to verify file integrity after downloads, detect tampering, and store passwords securely.

Real-World Examples & Use Cases

Software Download Integrity Verification

When downloading software, operating system images, or large files, the provider publishes SHA-256 checksums alongside the download. After downloading, you compute the file's SHA-256 hash and compare it to the published checksum. If they match, the file arrived intact and unmodified. If they differ, the file was corrupted in transit or tampered with by a man-in-the-middle attacker. This verification is critical for security-sensitive downloads: OS installers, security tools, database backups.

Digital Forensics and Evidence Chain of Custody

Legal and forensic investigations require proving that digital evidence (hard drive images, document files, log files) has not been altered. Before and after handling evidence, a SHA-256 hash is computed and recorded. Later hash verification confirms the evidence is unchanged — an unbroken chain of custody. Courts accept cryptographic hash verification because any modification (even one bit change) produces a completely different hash, making tampering detectable with mathematical certainty.

Data Deduplication and Duplicate File Detection

Storage systems and backup tools use file hashing to detect duplicate files. Two files with identical SHA-256 hashes are guaranteed to have identical content (the probability of a SHA-256 collision is astronomically small). Content-addressable storage systems (Git, IPFS, Bittorrent) identify files by their hash rather than their name. Using a file hash checker to compute hashes of suspected duplicate files confirms whether they are truly identical, regardless of different file names or timestamps.

Password Hashing Verification and Security Testing

Developers building authentication systems need to verify that their password hashing implementation produces correct outputs. A SHA-256 text hasher confirms that hashing 'password123' produces the expected 64-character hex digest. This helps debug hash configuration issues in security code. Note: for actual password storage, SHA-256 is not appropriate — use password-specific algorithms (bcrypt, Argon2, scrypt) that are deliberately slow and salted to resist offline dictionary and brute-force attacks.

How It Works

SHA Hash Algorithm Overview: SHA-256 (Secure Hash Algorithm, 256-bit output): - Output: 256 bits = 32 bytes = 64 hex characters - Designed by NSA, standardized by NIST (FIPS 180-4) - Used in: Bitcoin, TLS certificates, code signing, file integrity - Collision resistance: Finding two inputs with same output would require ~2^128 operations (practically impossible) SHA-384 and SHA-512: - SHA-384: 384-bit output (96 hex chars), truncated SHA-512 - SHA-512: 512-bit output (128 hex chars) - Stronger than SHA-256, used in high-security contexts (government, long-term archival, quantum-resistant design) SHA-1 (deprecated, legacy only): - Output: 160 bits = 40 hex characters - NO LONGER SECURE: collision attacks demonstrated in 2017 (SHAttered attack found real SHA-1 collision) - Avoid for new security applications - Still shown for legacy compatibility checking only Browser Web Crypto API (SubtleCrypto): const hashBuffer = await crypto.subtle.digest( 'SHA-256', await file.arrayBuffer() ); const hashArray = Array.from(new Uint8Array(hashBuffer)); const hashHex = hashArray .map(b => b.toString(16).padStart(2, '0')) .join(''); All processing is done locally in the browser — no file data is transmitted to any server.

Frequently Asked Questions

What is the difference between SHA-256 and SHA-512?▼

Both are SHA-2 family algorithms designed by NSA. SHA-256 produces a 256-bit (64 hex character) hash. SHA-512 produces a 512-bit (128 hex character) hash. SHA-512 provides higher security margin, is slightly faster on 64-bit CPUs (its internals use 64-bit words), and is slower on 32-bit CPUs/mobile. For most practical purposes in 2024, SHA-256 is sufficient — its security margin remains very large. SHA-512 is preferred for long-term archival and contexts where post-quantum crypto considerations matter (longer hashes retain more security margin against quantum attacks).

Is file hashing the same as encryption?▼

No — they are fundamentally different. Hashing is one-way: given a hash, you cannot recover the original file. The same input always produces the same hash, and any change produces a completely different hash. Encryption is two-way: data can be encrypted and decrypted using a key. Use hashing for: file integrity verification, password storage (with specialized slow hash algorithms), and data deduplication. Use encryption for: protecting data confidentiality during storage (AES-256) or transmission (TLS). A file hash proves a file is unchanged; it does not protect the file's contents.

Can two different files ever produce the same hash?▼

Theoretically yes (called a hash collision), but for SHA-256, it's computationally infeasible. The birthday bound for finding a SHA-256 collision requires ~2^128 operations — more computational work than all computers on Earth could perform in the age of the universe. In practice, if two files have the same SHA-256 hash, they are the same file. SHA-1 had its first demonstrated collision in 2017 (the SHAttered attack), which is why SHA-1 is deprecated for security use. MD5 collisions can be generated in seconds on a laptop today.

What is the difference between a checksum and a hash?▼

All cryptographic hashes are checksums, but not all checksums are cryptographic hashes. A checksum is any value computed from data used to detect errors or verify integrity. Simple checksums like CRC32 and Adler-32 are fast, non-cryptographic, designed only to detect accidental corruption (not deliberate tampering). A cryptographic hash (SHA-256, SHA-512) is designed to resist deliberate manipulation: it's computationally infeasible to create a modified file that produces the same hash. Download pages use SHA-256 or SHA-512 (not CRC32) to detect both accidental corruption and intentional tampering.

Why is my hash different every time I hash the same file?▼

A cryptographic hash function is deterministic: the same input always produces exactly the same output. If you're seeing different hashes for the same file, possible causes: the file was modified between hashes (even file metadata or a hidden byte at the end changes the hash), you're computing different algorithms (SHA-256 vs MD5 of the same file look completely different), or there's a whitespace or encoding difference in text mode ("hello" and "hello\n" produce different SHA-256 hashes). Verify by hashing the exact same file twice without any modification.

Related Tools

Explore other tools in this category.

JSON Formatter

Format, validate, prettify, and minify your JSON data quickly.

Password Strength Checker

Analyze how secure your password is and generate a strong one instantly.

CSS Unit Converter

Convert between CSS units: px, rem, em, pt, vw, vh, cm, mm, and inches.

Binary ? Text Converter

Convert plain text to binary code and decode binary back to readable text.

Text to Binary Converter

Convert letters and strings into computer binary format.

QR Code Generator

Create and download customized QR codes for URLs, text, and contacts.