File Hash Generator

{{ status === 'loading' ? 'Hashing file' : (hashed_output ? 'File digest' : 'Ready to hash') }}

{{ status === 'loading' && file && file.name ? file.name + ' is being hashed locally.' : (hashed_output ? (latestRecord.name ? latestRecord.name + ' · ' + latestRecord.size_human : 'Digest restored from URL state.') : 'Choose a file to generate a local SHA-256 checksum.') }}

{{ hash_type }} Salt: {{ salt_position === 'prefix' ? 'Prefix' : 'Suffix' }} {{ uppercase ? 'Uppercase' : 'Lowercase' }} {{ summaryStats.totalRuns }} run{{ summaryStats.totalRuns === 1 ? '' : 's' }}

File:

Drop or browse a single file; choosing another file replaces the current digest.

Generate MD5, SHA, SHA-3, or RIPEMD-160 checksums locally.

Hashing file…

{{ latestRecord.size_human }} hashed with {{ hash_type }}

Hash type:

Use SHA-256 for most modern download checks unless a source publishes another digest.

Salt:

Enter UTF-8 salt text or leave blank for a standard file checksum.

Salt position:

Match the required convention: prefix before file bytes or suffix after them.

Uppercase output:

Turn on only when the expected checksum uses uppercase A-F.

#	File	Size	Algo	Salt	Pos	Hash	Copy
{{ r.idx }}	{{ r.name }}	{{ r.size_human }}	{{ r.hash_type }}	{{ r.salt ? 'Yes' : 'No' }}	{{ r.salt ? (r.salt_position === 'prefix' ? 'Prefix' : 'Suffix') : '—' }}	{{ r.digest }}
No file digests yet Choose a file to populate the hash history ledger.

Hash at least one file to unlock the algorithm breakdown.

Hash at least one file to unlock the salt and case breakdown.

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

File hashes are checked at the points where bytes can be swapped, truncated, re-created, or copied from the wrong place: software downloads, firmware images, archives, backups, source releases, migration exports, and forensic copies. The visible file name is only a label. A hash digest is calculated from the file's exact byte stream, so a one-byte change should produce a different fixed-length value even when the name, extension, and folder path still look right.

That makes a hash a byte-integrity check, not a full trust decision. A matching digest is strong evidence that a local file matches the bytes represented by a reference checksum. It does not prove that the publisher was legitimate, that the file is safe to run, or that the reference checksum was posted through an authentic channel. Security-sensitive workflows often pair the checksum with a signed release, a trusted manifest, a malware scan, or a chain-of-custody record.

Digest: The fixed-length hexadecimal value produced from the input bytes.
Algorithm: The exact hash rule, such as MD5, SHA-1, SHA-256, SHA3-256, or RIPEMD-160. Algorithm names are not interchangeable.
Salt: Extra text added before or after the file bytes. Salted and unsalted checksums answer different comparison questions.
Reference checksum: The value supplied by a release page, manifest, ticket, audit record, or teammate for comparison.

Diagram of file bytes, optional salt, hash rule, hex digest, and same-rule comparison

The word checksum is sometimes used for both casual corruption checks and stronger cryptographic digests, so the surrounding record matters. A SHA-256 reference will not match a SHA-512 digest of the same file. A salted digest will not match a normal release checksum. A digest generated from an extracted folder will not match the archive that was originally downloaded. Copy the algorithm name, the exact object being checked, and any salt rule from the source that supplied the reference.

Algorithm age changes how far a match should be trusted. MD5 and SHA-1 still appear in old manifests and storage systems, but their collision resistance is not suitable for new adversarial checks. SHA-2 is the usual modern checksum family for public downloads. SHA-3 and Keccak-family labels need exact naming discipline because nearby names in different software can describe values that do not compare equal.

How to Use This Tool:

This tool hashes one local file at a time in the browser and records the runs from the current page session.

Drop a file into File or choose Browse file. When hashing starts, the file area changes from the empty prompt to a processing state, then to the selected filename and size.
Set Hash type to the algorithm named by the checksum source. Choose SHA-2-256 for a new ordinary checksum only when no outside reference requires a different option.
Leave Salt blank for normal vendor checksums, release manifests, and archive comparisons. Use Random only when your workflow deliberately requires a shared 16-byte hex salt.
If you do use salt, match Salt position exactly. Prefix salt places the salt before the file bytes, while suffix salt places it after the file bytes.
Turn on Uppercase output only when the expected value is printed with capital A to F. The digest value is the same apart from letter case.
Copy the latest value from File digest, or use History, chart exports, DOCX, CSV, and JSON when you need a record of several runs.

If the result is blank, choose the file again. If the digest does not match a reference, recheck the algorithm, salt text, salt position, and casing before deciding the file changed.

Interpreting Results:

The latest File digest value is the comparison value. A character-for-character match means the same byte sequence was hashed under the same algorithm and salt rule. A mismatch means at least one of those inputs differed, or the reference checksum was copied from the wrong source.

Common file hash outcomes and follow-up checks
Outcome	Likely meaning	What to check next
Exact digest match	The file bytes match the reference under the selected settings.	Trust the match only as much as you trust the reference checksum.
Same characters except case	The hexadecimal value is the same.	Use `Uppercase output` only if the receiving system expects that display style.
Different digest length	The algorithm probably differs from the reference.	Match the algorithm name before judging the file.
Digest changes after salt edits	The input byte stream changed.	Clear `Salt` for ordinary checksums or match the agreed salt rule exactly.
Repeated mismatch with fixed settings	The file bytes or reference value differ.	Re-download, re-copy the checksum, or confirm the reference through another trusted channel.
Charts show several algorithms or salt states	The current session contains mixed runs.	Use the final intended history row for evidence, not the chart summary alone.

A hash match is not a malware scan, code signature, or proof of authorship. If the file is security-sensitive, pair the checksum with a trusted download channel, digital signature, policy scan, or chain-of-custody record.

Technical Details:

A cryptographic hash function compresses an arbitrary-length byte stream into a fixed-size digest. The same bytes always produce the same digest with the same algorithm, while a small byte change should alter the output in a way that looks unrelated. That avalanche behavior makes hashes practical for detecting accidental corruption and for comparing large files without reading both files side by side.

The byte stream is the object being tested. Renaming a file, moving it to another folder, or changing the displayed extension does not change the digest if the bytes are unchanged. Re-saving a document, extracting an archive, changing line endings inside a text file, or appending metadata can change the bytes and therefore the digest. For a reference checksum to be meaningful, the same object must be hashed under the same rule.

Security use depends on more than determinism. Collision resistance means it should be infeasible to find two different inputs with the same digest. Preimage resistance means a digest should not reveal an input that produced it. Second-preimage resistance protects against finding a different input that matches a specific existing input. Older algorithms can still reproduce legacy records, but weak collision resistance makes them poor choices for new adversarial checks.

Transformation Core

The digest is computed over the file bytes alone unless salt text is supplied. Salt position changes the byte order, so prefix and suffix salt are different inputs.

\begin{array}{lcll} d & = & hex (H (F)) & unsalted file checksum \\ d & = & hex (H (S || F)) & prefix salt \\ d & = & hex (H (F || S)) & suffix salt \end{array}

F is the exact file byte stream, S is the optional UTF-8 salt text, H is the selected algorithm, and d is the hexadecimal digest. Uppercase output changes only the letters used to display hex digits a to f; it does not create a different digest value.

Supported hash families and digest lengths
Family	Available choices	Digest bits	Hex characters	Best reading
MD5	`MD5`	128	32	Legacy compatibility and accidental-corruption checks, not collision-resistant security decisions.
SHA-1	`SHA-1`	160	40	Old manifests and records; avoid for new checks that rely on collision resistance.
SHA-2	`SHA-2-224`, `SHA-2-256`, `SHA-2-384`, `SHA-2-512`	224 to 512	56 to 128	Current general-purpose family; SHA-256 is common for public file checksums.
SHA-3 or Keccak-family labels	`SHA-3-224`, `SHA-3-256`, `SHA-3-384`, `SHA-3-512`	224 to 512	56 to 128	Use only when the source names the same variant; compare against a known value when formal SHA-3 compatibility matters.
RIPEMD	`RIPEMD-160`	160	40	Compatibility path for older checksum ecosystems that publish RIPEMD-160 values.

Hex length is a useful sanity check because each hex character represents four bits. A 32-character value points to a 128-bit digest, a 40-character value points to 160 bits, a 64-character value points to 256 bits, and a 128-character value points to 512 bits. When the lengths differ, algorithm mismatch is usually more likely than a damaged file.

Conditions that do and do not change a digest
Change	Byte stream being hashed	Expected digest result
Rename the file only	Same	Same digest
Change one byte inside the file	Different	Different digest
Switch from SHA-256 to SHA-512	Same file bytes, different algorithm	Different digest length and value
Add, remove, or edit salt text	Different	Different digest
Move the same salt from prefix to suffix	Different order	Different digest
Change only uppercase display	Same	Same digest value

Session history is evidence of the current page session, not a permanent audit log. Each row records the file name, size, algorithm, salt status, salt position, case choice, digest, and local time for that run. The ledger keeps up to 500 rows, with oldest rows removed first after the limit is reached.

Limitations and Privacy Notes:

The selected file is read and hashed in the browser, so the file bytes are not uploaded for the hash calculation. Very large files can take longer because the browser has to read the local bytes before the digest is ready.

The history is held in the current page session and clears when the page is reloaded or closed. Exports can still contain file names, sizes, salt status, timestamps, and digest values, so treat exported ledgers as records of the files you checked.

Browser-based checks are convenient for ordinary downloads and repeatable local comparisons, but they are not a substitute for an approved forensic or compliance process. Regulated evidence work should record the environment, use approved tools, and preserve chain-of-custody outside the browser.

Salt here is simple UTF-8 text added to the byte stream. It is not a password-hashing work factor, a keyed message authentication code, or a digital signature.

Worked Examples:

Checking a release download

A vendor publishes a SHA-2-256 checksum for an installer. Choose the installer, leave Salt blank, and compare the 64-character File digest value with the vendor text. A character-for-character match means the installer bytes match that published reference.

Diagnosing a length mismatch

A teammate sends a 40-character checksum, but the current run produces 128 characters. That is a signal to check Hash type, not proof that the file is corrupt. A 40-character digest usually points to SHA-1 or RIPEMD-160, while 128 characters points to a 512-bit option.

Using an agreed salt rule

An internal process says to append release-2026-q2 after an archive before hashing it. Enter that text in Salt, set Salt position to suffix, and keep the same algorithm for every participant. The unsalted archive digest should differ because it was produced from a different byte stream.

FAQ:

Does the selected file leave my device?

No. The file bytes are read and hashed in the browser for this tool. The session history is not kept after reload or close unless you export it yourself.

Why does the digest change when the filename stays the same?

The digest depends on file bytes, not the name. If the bytes changed, the selected algorithm should produce a different File digest.

Can I hash the same file with several algorithms?

Yes. After a file is selected, changing Hash type, Salt, Salt position, or Uppercase output recalculates and adds a row to History.

Why does my published checksum have a different length?

Digest length usually reflects the algorithm. Match Hash type to the source before comparing the file, then clear any accidental salt and try again.

How many runs can the history keep?

History keeps up to 500 rows in the current page session. After that, the oldest rows are removed first.

Glossary:

Byte stream: The exact sequence of bytes read from the file, before any optional salt is added.
Digest: The hexadecimal output produced by a hash algorithm.
Collision resistance: Resistance to finding two different inputs that produce the same digest.
Preimage resistance: Resistance to finding an input that produces a given digest.
Salt: Extra text placed before or after the file bytes so the digest depends on both values.
Checksum manifest: A list of reference digests used to compare downloaded, archived, or transferred files.

References:

Hash Functions, NIST Computer Security Resource Center.
FIPS 180-4: Secure Hash Standard, National Institute of Standards and Technology, August 2015.
FIPS 202: SHA-3 Standard, National Institute of Standards and Technology, August 2015.
NIST Policy on Hash Functions, NIST Computer Security Resource Center, updated September 9, 2024.
Keccak Specifications Summary, Keccak Team.
RFC 6151: Updated Security Considerations for MD5, RFC Editor, March 2011.