πŸ“ File Checksum Verifier

Last updated: June 19, 2026

πŸ“ File Checksum Verifier

Verify any file locally β€” SHA-256, SHA-1, MD5. Nothing is uploaded.

⬇️
Drag & drop a file here, or click to browse
πŸ“„
β€” β€”

SHA-256 vs MD5 vs SHA-1: Which Checksum Algorithm Should You Actually Trust in 2024?

You have just downloaded a 4 GB Linux ISO, a Windows installer, or a firmware update for a network switch. The project's download page lists a string of letters and numbers next to the file β€” something like b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9. That string is a checksum, also called a hash or digest, and it is your primary defence against receiving a corrupted or maliciously modified file. The question most people skip is: does it matter which algorithm generated that string?

The short answer is yes β€” sometimes critically. Here is how the three algorithms you will encounter most often actually compare.

What a Checksum Is Really Doing

A cryptographic hash function takes every single byte of your file as input and produces a fixed-length fingerprint. Change one bit anywhere in a 4 GB file and the fingerprint changes completely β€” this is called the avalanche effect. The legitimate publisher computes the hash before distributing the file and posts the result alongside the download link. You recompute the hash after downloading and compare the two values. A match means every byte arrived exactly as the publisher intended. A mismatch means something changed in transit β€” whether through accidental corruption on a mirror server, a man-in-the-middle injection, or a compromised CDN.

The three algorithms you will encounter β€” MD5, SHA-1, and SHA-256 β€” all do this same job, but they differ enormously in their resistance to deliberate forgery.

MD5: Fast, Familiar, and Fundamentally Broken for Security

MD5 was designed by Ron Rivest in 1991 and produces a 128-bit (32 hexadecimal character) digest. For most of the 1990s it was the dominant checksum standard. The problem is that in 2004, researchers demonstrated practical collision attacks β€” they could produce two different files that hashed to the same MD5 digest. By 2008, the Flame malware exploited an MD5 collision to forge a fraudulent Microsoft code-signing certificate, enabling it to spread through Windows Update.

What does this mean practically? If a sophisticated attacker intercepts a file before it reaches you and replaces it with a crafted substitute, they can produce a substitute whose MD5 matches the original. The checksum page says one value, your download produces the same value, but the file is different.

That said, MD5 is not useless. For detecting accidental corruption β€” a dropped packet, a bad sector, a truncated download β€” MD5 works perfectly well and its speed is useful for very large files. Many Linux distributions still publish MD5 sums alongside SHA-256, partly for legacy tooling compatibility. But no serious software project relies on MD5 alone as proof of authenticity.

SHA-1: Deprecated but Widely Deployed

SHA-1 produces a 160-bit (40 hexadecimal character) digest and was designed by the NSA, published as a federal standard in 1995. It held up reasonably well until 2017, when Google's Project Zero team produced the first real-world SHA-1 collision β€” the SHAttered attack β€” requiring roughly 6,500 CPU-years of computation but demonstrating the attack was no longer purely theoretical.

The practical collision cost has continued to drop. A 2019 paper reduced the attack cost to around $45,000 in cloud compute time β€” still expensive, but within reach of a well-funded adversary. Certificate authorities stopped issuing SHA-1 TLS certificates in 2016. Git is actively migrating its object storage from SHA-1 to SHA-256.

You will still see SHA-1 checksums published by older projects and on download pages that have not been updated in years. For casual integrity verification β€” confirming that a file downloaded cleanly β€” SHA-1 is still serviceable. For anything involving software you are going to run on production systems, or firmware you are going to flash to hardware, SHA-256 is the only responsible choice.

SHA-256: The Current Practical Standard

SHA-256 is part of the SHA-2 family, standardised by NIST in 2001. It produces a 256-bit (64 hexadecimal character) digest. As of mid-2024, there are no known practical collision attacks against SHA-256. The theoretical difficulty of mounting a collision attack against SHA-256 is so large β€” on the order of 2^128 operations β€” that it remains computationally infeasible even for nation-state actors with significant resources.

SHA-256 is what the Bitcoin network uses to secure every block in its blockchain β€” a system carrying hundreds of billions of dollars in value and under constant adversarial pressure. It is what package managers like Homebrew, APT, and npm use to verify package integrity. It is what code-signing pipelines use to confirm build artefacts have not been altered. When a project publishes a SHA-256 checksum, you can be confident that matching it rules out not just accidental corruption but also deliberate substitution by any non-quantum adversary currently known.

The cost of this security is modest. SHA-256 is slower than MD5 β€” on a modern CPU without hardware acceleration, roughly two to three times slower. But modern Intel and ARM chips both include dedicated SHA extensions that make SHA-256 extremely fast in practice, and the browser's built-in Web Crypto API uses these hardware paths automatically.

SHA-512: More Bits, Sometimes Less Speed

SHA-512 produces a 512-bit digest and is part of the same SHA-2 family. On 64-bit hardware it is often faster than SHA-256 because it processes data in 64-bit words rather than 32-bit words. On 32-bit systems or older mobile chips it can be significantly slower. The extra bit-length provides no practical security benefit over SHA-256 for file verification purposes β€” both are so far beyond current attack capability that the difference is academic. You will see SHA-512 sums published by security-conscious projects, but SHA-256 remains more universal.

When the Checksum Alone Is Not Enough

A crucial limitation that many guides gloss over: a checksum only proves the file matches what the publisher computed. It does not prove the publisher is who they claim to be, and it does not protect you if the page hosting the checksum was itself compromised.

If an attacker gains access to a project's download server, they can replace both the file and the checksum. You would download the malicious file, compute its hash, and it would perfectly match the new checksum posted on the same compromised page.

This is why serious software distribution chains layer checksum verification with cryptographic signatures β€” typically GPG/PGP. The publisher signs the checksum file with a private key and you verify the signature against a public key you obtained from a different trusted channel (a keyserver, a separate HTTPS site, or a key distributed with the operating system). Debian, Fedora, and most professional security tools all follow this model. For high-stakes downloads, checksums are necessary but not sufficient.

The Practical Verdict

For everyday download verification, use SHA-256 whenever the project offers it. It is universally supported, free of known vulnerabilities, and fast enough on any hardware made in the last decade. Fall back to SHA-1 only if SHA-256 is genuinely unavailable. Treat MD5 as a corruption detector, not a security guarantee, and do not trust it as the sole verification mechanism for software you plan to execute. For critical infrastructure updates, firmware, or code-signing artefacts, add GPG signature verification on top of the checksum check. The few extra minutes this takes are a small price compared to the cost of running compromised code.

FAQ

Does this tool upload my file to a server?
No. The entire checksum calculation runs inside your browser using the Web Crypto API and a pure-JavaScript MD5 implementation. The file bytes never leave your device. You can even disconnect from the internet before dropping a file in and the tool will still work perfectly.
Why does SHA-256 have 64 characters but MD5 only has 32?
The number of characters in the hex output reflects the digest size. MD5 produces a 128-bit hash, which takes 32 hex characters to represent (4 bits per hex digit). SHA-256 produces a 256-bit hash, requiring 64 hex characters. SHA-512 produces 128 hex characters. More bits means a larger output space and greater resistance to collision attacks.
The checksum didn't match β€” what should I do?
First, double-check that you copied the expected checksum correctly and selected the right algorithm. Publishers sometimes list multiple algorithms on the same page (MD5, SHA-1, SHA-256) and it is easy to compare a SHA-256 hash against an MD5 expected value. If the algorithm and expected value are correct and the match still fails, delete the file, re-download it from the publisher's official source directly, and verify again. Do not run a file that fails checksum verification.
Can I use this to verify files I created myself?
Absolutely. Drop any file in without entering an expected value and the tool will display its computed hash. This is useful for generating checksums to publish alongside your own downloads, verifying that a file copied between drives is bit-for-bit identical, or confirming a backup was not silently corrupted.
Is MD5 completely useless?
Not completely. MD5 is broken for security purposes β€” a determined attacker can craft a malicious file that shares the same MD5 hash as a legitimate file. However, MD5 still reliably detects accidental corruption: a dropped network packet, a partially written file, or a bad disk sector will always produce a different MD5 hash. If a project only offers MD5, use it for basic integrity checking but do not treat it as proof the file is authentic or unmodified by an adversary.
What is the difference between a hash and a digital signature?
A hash (checksum) is a one-way fingerprint of file contents. It proves the file matches a known value but does not prove who produced that known value. A digital signature cryptographically links the hash to a specific private key holder, proving both the file's integrity and the identity of the signer β€” provided you already trust their public key. For maximum security, verify both the SHA-256 checksum and the publisher's GPG signature on sensitive downloads.