What this tool does
Computes cryptographic hashes (MD5, SHA-1, SHA-256, SHA-384, SHA-512) of text or file contents, entirely in your browser. The output is a fixed-length hex digest you can paste into a checksum file, compare against a published hash, or use as a lookup key.
When you'd use it
- Verifying that a downloaded file matches the SHA-256 the publisher posted.
- Generating a stable cache key for a piece of content.
- Computing an integrity hash for a Subresource Integrity (SRI) attribute.
- Quickly fingerprinting a file before sending it somewhere.
How it works
SHA-1, SHA-256, SHA-384, and SHA-512 use the browser's WebCrypto API (crypto.subtle.digest), which is implemented natively in C/Rust and runs at near-disk-read speed for files. MD5 is not in WebCrypto (it has been deprecated for security uses for over a decade), so we ship a small RFC 1321 implementation that runs in the same tab. File hashing reads chunks of the file via the standard File/Blob API — no upload, no temp file, no server.
Notes
MD5 and SHA-1 are still listed — should I use them? Only for non-security purposes. Use them for content-addressed caches, ETags, dedup keys, or comparing against a legacy checksum. Do not use them for password storage, signatures, or anything where collision resistance matters.
Which SHA should I use for new code? SHA-256 is the right default. SHA-512 is faster on 64-bit CPUs and gives you a longer digest if you need one. SHA-384 exists mostly for matching specific compliance requirements.
Why does my hash differ from what shasum shows? Most likely a trailing newline. echo "hello" adds \n, while pasting "hello" into this tool does not. Use echo -n to drop the newline, or paste the bytes verbatim.