Checksum Calculator

Software publishers post a SHA-256 next to each download so users can verify the file matches what was published. If the download was corrupted in transit or replaced by a malicious version, the hashes won't match and the user is alerted before running the bad file. Linux distributions, Tor, Docker, and most reputable software-distribution sites do this.

Depends on the threat model. MD5 collisions can be fabricated by an attacker, so MD5 is unsafe for verifying authenticity (a malicious file with the same MD5 as a legitimate one can be constructed). For accidental-corruption detection (the file fell over a network cable), MD5 is fine — there's no attacker actively crafting collisions. Use SHA-256 when in doubt.

To make verification flexible regardless of what reference hash is published. If the publisher posts MD5, you can match MD5; if SHA-256, match SHA-256. Modern downloads usually publish SHA-256 (or SHA-512); older downloads might still use MD5 or SHA-1. Having all five available means you can verify any of them in one operation.

Two different files producing the same hash. The pigeonhole principle guarantees collisions exist for any fixed-output hash function — the question is how hard they are to find. SHA-256 collisions are computationally infeasible (~2¹²⁸ work). MD5 collisions can be generated in seconds with public tools. SHA-1 was broken by Google's SHAttered attack in 2017.

Modern browsers process about 1 GB/sec for SHA-256 on consumer hardware, slower for SHA-512. The browser uses Web Crypto's native implementation which is hardware-accelerated where supported. MD5 and SHA-1 use small JavaScript implementations (Web Crypto deliberately omits the broken algorithms).

No. Hashing runs entirely in your browser — large files are streamed in chunks via FileReader and the Web Crypto API. You can hash sensitive files (private keys, internal source code, password databases) without exposing them to any server.