Are my files uploaded to compute the hash?

No. Files are read locally with FileReader and hashed in your browser. The bytes never leave your device, so you can checksum private archives, installers and documents safely.

Which hash algorithms are supported?

MD5, SHA-1, SHA-256, SHA-384 and SHA-512. The SHA family uses the browser's built-in Web Crypto API; MD5 uses a self-contained implementation so no external library is loaded.

How do I verify a download checksum?

Hash the file, then paste the published checksum into the verify box. If it matches any computed digest, that row is highlighted as a match, confirming the file is intact and untampered.

Should I still use MD5 or SHA-1?

MD5 and SHA-1 are fine for non-security checks like detecting accidental corruption or deduplicating files, but they are broken for security purposes. Use SHA-256 or stronger when integrity against a malicious actor matters.

Hash & Checksum Generator (MD5, SHA-256, SHA-512) — Local

On this page

How to use it
Verifying a checksum
Which algorithm?
Why local matters
Files & large inputs
FAQ

How to hash text and files

A hash is a fixed-length fingerprint of some data: change a single byte and the fingerprint changes completely, but the same input always produces the same digest. This tool computes five common hashes — MD5, SHA-1, SHA-256, SHA-384 and SHA-512 — at the same time, so you do not have to pick in advance. Type or paste text and press Hash text, or drag a file onto the drop area to fingerprint its raw bytes. Every digest is computed locally; nothing is uploaded.

The SHA family is calculated with the browser's built-in Web Crypto API, the same vetted implementation that powers TLS in your browser, while MD5 is produced by a small self-contained routine so that no third-party library has to load. Each result has its own Copy button, and because the algorithms are deterministic you can rely on getting the identical digest here, on the command line, or in your CI pipeline.

Verifying a download or file checksum

The most common real-world use of hashing is confirming that a file arrived intact. Projects publish a checksum next to a download; if your copy hashes to the same value, it was not truncated, corrupted in transit, or tampered with. To check one here, hash the file and then paste the published checksum into the Verify box. The tool normalizes case and whitespace, compares it against every computed digest, and highlights the matching row in green — or tells you plainly that nothing matches. There is no need to know in advance which algorithm was used: if it matches any of the five, you will see it.

Which hash algorithm should you use?

It depends on the job. For integrity against accidental damage — detecting a bad download, deduplicating files, or building a cache key — MD5 and SHA-1 are fast and perfectly adequate. For security-sensitive integrity, where someone might deliberately craft a colliding file, MD5 and SHA-1 are considered broken and you should use SHA-256 or stronger. SHA-384 and SHA-512 offer larger digests and can be faster than SHA-256 on 64-bit hardware. When in doubt, SHA-256 is the modern default that virtually every tool and platform understands.

Why a local hasher beats pasting into an AI

It is tempting to drop a string into a chatbot and ask for "the SHA-256 of this." That is a poor idea on two fronts. First, privacy: you often hash sensitive material — passwords, file contents, license keys, internal identifiers — and sending it to a third-party model means it may be retained or used for training. Second, and more surprising, correctness: language models cannot reliably compute a hash. Hashing is exact bit-level arithmetic, and a model will frequently invent a plausible-looking but wrong digest. A real implementation returns the one correct answer every time. That is the entire point of a hash, and it is exactly what a deterministic local tool guarantees.

gitime.dev is built around this distinction. Generating a one-off snippet is something AI does well. Processing your actual data — hashing, encoding, validating — belongs in a deterministic tool that runs where the data already lives: your browser tab. Nothing here phones home, so you can fingerprint a confidential file without it ever touching a server.

Files and large inputs

Because there is no upload step, hashing a file is limited only by your machine, not by an API size cap. Drop an installer, an archive or a disk image and the tool reads the bytes locally and reports how long the computation took. Text is hashed as its UTF-8 byte representation, so the digests match what command-line tools like sha256sum produce for the same content.

Five algorithms computed together: MD5, SHA-1, SHA-256, SHA-384, SHA-512.
Verify a checksum against all digests with case/whitespace normalization.
Files are hashed by raw bytes via FileReader; text via UTF-8.
Web Crypto for SHA; a self-contained MD5 with no external library.
Everything stays on your device — no upload, no logging of content.

Frequently asked questions

Are my files uploaded?: No. Files are read locally with FileReader and hashed in your browser. The bytes never leave your device.
Which algorithms are supported?: MD5, SHA-1, SHA-256, SHA-384 and SHA-512. SHA uses the Web Crypto API; MD5 uses a self-contained routine.
How do I verify a checksum?: Hash the file, paste the published checksum into the Verify box, and the matching digest row is highlighted.
Is MD5 still okay?: For accidental-corruption checks, yes. For security against a malicious actor, use SHA-256 or stronger.

Hash & Checksum Generator