File Hash Calculator
Drop any file to compute its MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes instantly. Verify downloads by pasting the expected hash. 100% browser-based — your file never leaves your device.
🔐 What This Tool Does
A free online file hash calculator that computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 of any file you drag into the browser. All five hashes are computed simultaneously. The tool uses the browser's native crypto.subtle.digest API for SHA (fast, cryptographically correct) and the SparkMD5 library (loaded on first use from CDN) for MD5.
Verify downloaded files match their expected hash by pasting the hash published on the download site. The tool auto-detects which algorithm the hash is based on its length (32 chars = MD5, 40 = SHA-1, 64 = SHA-256, 96 = SHA-384, 128 = SHA-512) and shows a green check or red cross.
📝 Before & After Example
Input file
ubuntu-24.04-desktop-amd64.iso
(5.6 GB)
Output (computed in browser)
SHA-256:
7bb4878f3ac3ae53e2bd1b7c07b9c21...
MD5: 87a1c2de...
✓ Match (SHA-256)
⚡ How to Use
- Drop a file onto the file zone, or click to pick one
- Wait a moment — hashes compute in your browser (fast for small files, a few seconds for multi-GB files)
- Copy any hash — each algorithm has its own copy button
- Optional: paste the expected hash from your download source to verify integrity. The tool auto-detects the algorithm by hash length.
🔬 Hash Algorithm Reference
| Algorithm | Bits | Hex length | Use case |
|---|---|---|---|
| MD5 | 128 | 32 | Checksums, caching, legacy (broken for security) |
| SHA-1 | 160 | 40 | Git, legacy systems (broken for security) |
| SHA-256 | 256 | 64 | Modern standard — downloads, signing, blockchain |
| SHA-384 | 384 | 96 | TLS, certificates, high-security contexts |
| SHA-512 | 512 | 128 | High security, large files, password hashing |
🎯 Use Cases
💾 Verify downloads
Download an ISO, installer, or software package, then verify it matches the SHA-256 published on the official site. Catches corruption and MITM attacks.
🔒 Security research
Hash a malware sample to check it against VirusTotal. SHA-256 is the standard identifier for malware samples in threat intelligence.
🔄 Backup integrity
Hash files before and after backup to verify they restored correctly. A matching hash means byte-for-byte identical.
📦 Version tracking
Compare hashes of two builds to see if they're identical. Useful for reproducible build verification.
🔒 Privacy
- ✓ File bytes read locally via
File.arrayBuffer()— no upload - ✓ SHA hashes computed natively via Web Crypto API (hardware-accelerated on modern devices)
- ✓ MD5 computed in-browser via SparkMD5 library (loaded once from CDN, then works offline)
- ✓ Zero network requests when hashing — verify in DevTools Network tab
❓ Frequently Asked Questions
What is a file hash and why would I compute one?
A file hash is a fixed-length "fingerprint" of a file. Even a single bit change in the file produces a completely different hash. You compute a hash to verify a downloaded file has not been tampered with or corrupted during transfer. Software download sites publish the expected SHA-256 hash next to the download link — you compute the hash of what you actually downloaded and compare.
Which hash algorithm should I use?
For verifying downloads: SHA-256 is the modern standard. For legacy compatibility: MD5 and SHA-1 are still widely used but are cryptographically broken and should not be used for security. SHA-384 and SHA-512 are longer variants of SHA-2 used when you need extra security or compatibility with specific systems (e.g., PGP signing).
Is my file uploaded anywhere?
No. The hash is computed entirely in your browser using the native Web Crypto API (for SHA) and SparkMD5 (for MD5). Your file is read from your local disk into your browser tab's memory, hashed there, and the result is shown. No network upload happens. You can verify by opening DevTools → Network tab while you hash a file — you will see zero requests after the initial page load.
How large a file can I hash?
The practical limit is your device's memory. On modern computers, files up to 2-4 GB hash successfully. For very large files (ISO images, video files), it may take 10-30 seconds while the whole file loads into memory, but it will work. There is no server bandwidth limit because no upload happens.
Why is MD5 still included if it is "broken"?
Because MD5 is still widely used for non-security checksums — verifying file integrity during download (not against malicious tampering), caching keys, quick content deduplication, and legacy system compatibility. It is just as useful as SHA-256 for catching accidental corruption. Just do not use it where security matters.
How do I verify a downloaded file matches the expected hash?
Paste the expected hash into the "Expected hash" field. As soon as the file is hashed, the tool compares the computed hash against the expected value and shows a green checkmark (match) or red cross (mismatch). The comparison is case-insensitive and ignores whitespace, so you can paste directly from any source.
Is this the same as hashing a string?
No. Hashing a text string and hashing a file of the same content can produce different results because files often include invisible bytes — BOM markers, line ending differences (CRLF vs LF), trailing newlines, metadata. If you need to hash text content, use our SHA-256 or MD5 hash tools instead. For actual file integrity, use this tool.
Does this work with binary files like ZIPs and images?
Yes. The tool reads the raw bytes of any file type — ZIP archives, MP4 videos, PNG images, PDF documents, executables — and computes the hash of the exact binary content. This is what you want for verifying software downloads and file integrity.