Skip to content
Security · Hashing

Checksum Verifier

Upload a file, select a hash algorithm, and compare against an expected checksum — all computed locally in your browser. Your file never leaves your device.

In-browser only FIPS 180-4 Web Crypto API

Drop a file here

or click to browse — any file type, up to 2 GiB

All hashing is done locally in your browser — your file is never uploaded.

Guide

How to Use

  1. 1
    Select your file

    Drag and drop the file onto the drop zone, or click Browse to open a file picker. The tool displays the file name and size.

  2. 2
    Choose a hash algorithm

    The tool defaults to SHA-256, which is recommended for most use cases. If the publisher specified a different algorithm, select it from the control.

  3. 3
    Wait for the hash to compute

    For small files this is instant. For large files, a progress bar shows hashing progress. Your file never leaves your browser.

  4. 4
    Paste the expected checksum

    Copy the checksum from the download page or email and paste it into the Expected checksum field. The tool compares automatically.

  5. 5
    Check the result

    A green checkmark means the checksums match — your file is intact. A red X means they do not match — double-check the algorithm and pasted checksum.

  6. 6
    Copy the hash (optional)

    Click the Copy button next to the computed hash to save it to your clipboard for records or further use.

Reference

Algorithm Comparison

Algorithm Comparison
AlgorithmStandardOutput lengthBrowser support
MD5RFC 1321128 bits (32 hex chars)JS library (@noble/hashes)
SHA-1FIPS 180-4160 bits (40 hex chars)Web Crypto API
SHA-256FIPS 180-4256 bits (64 hex chars)Web Crypto API
SHA-512FIPS 180-4512 bits (128 hex chars)Web Crypto API

Frequently Asked Questions

What is a checksum?
A checksum (or hash) is a fixed-length string generated from a file's contents using a mathematical algorithm. Even a single-byte change in the file produces a completely different checksum. By comparing your file's checksum to the one published by the file's author, you can verify that the file has not been altered or corrupted during download.
Which algorithm should I use?
Use the algorithm specified by the file's publisher. If none is specified, SHA-256 is the recommended default — it offers strong collision resistance and is widely supported. MD5 and SHA-1 are older with known collision weaknesses, but are still commonly used for basic integrity checks.
Does my file get uploaded to a server?
No. All hash computation happens entirely in your browser using the Web Crypto API and a local JavaScript library. Your file never leaves your device, is never transmitted over the network, and is not stored anywhere. You can disconnect from the internet after the page loads and the tool will still work.
What does it mean if the checksums do not match?
A mismatch means the file on your device has different contents than the file the publisher hashed. Common causes include: the download was interrupted or corrupted, you selected the wrong algorithm, or the expected checksum was copied incorrectly. Try re-downloading the file and double-checking the algorithm and checksum.
Can I verify large files like ISO images or VM disks?
Yes. The tool processes files in 8 MiB chunks, so it can handle files of any size that your browser's memory allows — typically several gigabytes. A progress bar keeps you informed during hashing.
Why does the tool suggest an algorithm when I paste a checksum?
Each hash algorithm produces a checksum of a specific length: MD5 = 32 characters, SHA-1 = 40, SHA-256 = 64, SHA-512 = 128. When you paste a checksum, the tool counts the characters and suggests the matching algorithm — helping prevent mistakes when comparing against the wrong algorithm.
Is SHA-1 still safe to use?
SHA-1 has known collision vulnerabilities — researchers can create two different files with the same SHA-1 hash. However, for verifying a single file against a known checksum, SHA-1 still works correctly. For new projects, SHA-256 or SHA-512 is strongly recommended.