File Hash & Checksum Verifier

Drop any file — an installer, an ISO, a ZIP, a PDF — and see its SHA-1, SHA-256, SHA-384, and SHA-512 digests at once. Computed in your browser via Web Crypto; the file never leaves the device. Paste an expected checksum (or a .sha256 sidecar file) to verify integrity with a constant-time compare.

Drop a file here
or click to choose — nothing is uploaded

Verify against an expected checksum

Paste a single hex digest (any algorithm), the text contents of a sha256sum / shasum sidecar file, or both. Matching is case-insensitive and ignores whitespace, surrounding quotes, and an SHA256: prefix.

Reference

About the algorithms
SHA-1
160-bit output. Considered broken for collision resistance since 2017 — still appears in legacy version-control systems, Git object IDs, and old release manifests. Do not use it for new code-signing or trust decisions.
SHA-256
256-bit output. The default for file checksums (Debian, Fedora, Homebrew bottling, npm registry, Docker layer IDs). 64 hex characters. Use this unless you have a reason not to.
SHA-384
384-bit truncation of SHA-512, initialised with a different IV. Matches the security level of AES-192. Rarely seen in the wild for file checksums.
SHA-512
512-bit output. Faster than SHA-256 on 64-bit CPUs and used internally by ed25519 signatures and some TLS cipher suites. 128 hex characters.
About the sidecar format

The parser accepts the canonical sha256sum shape (<hex> <filename> with two or more spaces between fields, or one space and a * marker for binary mode) and bare hex on its own line. Comments start with #; blank lines are ignored; a UTF-8 BOM at the start of the file is stripped. The filename field may contain spaces.