ToolBelt

File Hash Calculator

Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 for any file.

Open tool

Overview

The file hash calculator computes cryptographic digests of any uploaded file using MD5, SHA-1, SHA-256, SHA-384, and SHA-512 in a single pass. The hex output lets you confirm a download has not been tampered with, deduplicate files by content rather than name, or include a digest in a build manifest.

Software distributors publishing checksums, IT auditors verifying evidence integrity, and developers wiring up release pipelines reach for this as a quick browser-side alternative to running sha256sum from a shell. Long-tail searches that lead here include "calculate file SHA-256 online", "verify file checksum", and "compute multiple hashes at once".

How it works

Each hash function is a one-way digest defined in IETF RFCs — MD5 (RFC 1321), SHA-1 (RFC 3174), and the SHA-2 family (FIPS 180-4) — that maps an arbitrary-length input to a fixed-length output. The calculator streams the file through all selected algorithms simultaneously so a single read produces every digest, then renders each result as a lowercase hex string and, for SHA-256 and SHA-512, a Base64 form for convenience.

Hashes are deterministic: identical files always produce identical digests, and even a one-bit change anywhere in the file flips roughly half the output bits. That property is what makes a published sha256 line on a download page a reliable integrity check.

Examples

  • Verify a downloaded ISO matches the SHA-256 published by the project.
  • Generate hashes for every artifact in a release before signing.
  • Compute MD5 for a legacy system that still requires that algorithm in its manifest.
  • Confirm two files are byte-identical without doing a byte-level diff.

FAQ

Is MD5 still safe to use?
For collision-resistance, no — MD5 is broken and attackers can construct two different files with the same MD5. For incidental integrity checks against a known-good value, it is still useful but inferior to SHA-256.

What about SHA-1?
SHA-1 is also broken for collisions, and major projects have migrated to SHA-256. It is offered here for compatibility with older manifests.

Why does my hash differ from the website's published value?
Common causes: a CRLF/LF line-ending change after editing a text file, a partial download, or hashing a file that includes a BOM. Re-download and recompare.

Are the files uploaded to a server?
The hash is computed on the file bytes you provide and the file itself is not retained beyond the request lifetime.

Can I hash a folder?
No, hashing is defined per-file. To fingerprint a directory, hash each file and then hash the manifest.

Try File Hash Calculator

An unhandled error has occurred. Reload ×