Which hash algorithm should I use?

SHA-256 is the current standard for integrity checking. MD5 and SHA-1 are fast but cryptographically broken — avoid them for security purposes, though they are still used for simple integrity checks. SHA-512 provides extra strength.

How do I verify a hash on the command line?

On macOS/Linux: shasum -a 256 filename or md5 filename. On Windows: certutil -hashfile filename SHA256. Compare the output to the expected hash.

File Hash Checker — Verify File Integrity with MD5, SHA-256

Hash Algorithm Comparison

Algorithm	Output length	Speed	Security	Use when
MD5	128 bits (32 hex)	Fastest	Broken	Simple integrity only, non-security
SHA-1	160 bits (40 hex)	Fast	Broken	Legacy systems, non-security
SHA-256	256 bits (64 hex)	Good	Strong	Standard integrity verification
SHA-512	512 bits (128 hex)	Moderate	Strongest	High-security environments

How to Use It

Open the tool

Go to Images & Files and scroll to the File Hash Checker.

Load your file

Select the file to check. It is read locally by your browser — no data is sent to any server.

Select algorithm

Choose MD5, SHA-1, SHA-256 or SHA-512 — match the algorithm published by the file source.

Compare hashes

Paste the expected hash from the download page and compare. If they match, the file is intact.

Pro Tips

💡Always verify hashes for executable downloads (installers, OS images, Docker images) — a mismatch means the file may have been corrupted in transit or replaced by a malicious copy.

💡On the command line: shasum -a 256 file on macOS/Linux, or certutil -hashfile file SHA256 on Windows — useful when verifying files you can't open in a browser.

💡Hash comparison is case-insensitive — abc123 and ABC123 are the same hash. Trim any trailing whitespace before comparing to avoid false mismatches.

Frequently Asked Questions

What is a file hash used for?

Verifying that a downloaded or transferred file is identical to the original. If one bit changes, the hash changes completely — this is how corruption or tampering is detected.

Which algorithm should I use?

SHA-256 for new work — it's the current standard. MD5 and SHA-1 are cryptographically broken but still used for simple integrity checks in non-security contexts.

Is my file uploaded to a server?

No — the hash is computed entirely in your browser using the Web Crypto API. The file bytes never leave your machine.

How do I verify on the command line?

macOS/Linux: shasum -a 256 filename. Windows: certutil -hashfile filename SHA256. Compare the output against the expected hash.

Check a file hash now

Open the File Hash Checker and verify any file's integrity with MD5, SHA-1, SHA-256 or SHA-512 — free, instant, no upload.

Open File Hash Checker →