Calculate hashes
Free online hash calculator that runs entirely in your browser. Paste text or drop a file (up to 500 MB), pick one or several algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32), pick hex or base64 output, optionally set a key to compute HMAC variants instead of plain digests. Files are read in 4 MB chunks so a 500 MB file does not OOM your tab. A comparison block at the bottom takes two hash strings and tells you whether they match — useful for verifying file integrity against a published checksum.
How to use
- Text tab for typing, File tab for drag-and-drop.
- Tick the boxes you want — they all compute in parallel.
- Hex for traditional display, base64 for JWT-style.
- Click a result to copy it; use Compare to verify against a known hash.
Features
Typical uses
- Verify a downloaded ISO against its published SHA-256 checksum.
- Compute a content hash for cache-busting or ETag generation.
- Calculate a JWT-style HMAC-SHA256 for API request signing.
- Quickly produce an MD5 for a legacy system that still asks for it.
- Spot-check whether two large files are identical without diffing them.
Why this one
Most online hash tools either fail on large files (they try to load the whole thing into memory at once) or require a round-trip upload to a server. We stream files in 4 MB chunks through your browser's native crypto, so a 500 MB ISO works in a regular browser tab and the bytes never leave your machine. HMAC and CRC32 are first-class — most online tools skip them. Output matches `sha256sum`, `md5sum`, OpenSSL and every other standard implementation, so you can use it to verify a download against any published checksum.
Common questions
Is MD5 still safe to use?
Not for security purposes: MD5 has been broken since 2004. It is still fine as a fast content checksum (cache keys, dedup) where you do not care about adversarial collisions. For signatures or anything security-sensitive, use SHA-256 or better. Password storage needs a salted, deliberately slow password-hashing function (Argon2, scrypt, bcrypt or PBKDF2) rather than a single fast digest.
What is HMAC?
A keyed-hash construction. Plain SHA-256(message) lets anyone recompute the hash; HMAC-SHA256(key, message) requires the key to produce or verify, so it works as a message-authentication code. Common in API request signing (AWS, Stripe, etc.) and JWT HS256.
How big a file can I hash?
The cap is 500 MB to keep the page snappy on low-end devices. The hashing itself is streaming-friendly — the only memory pressure is the FileReader buffer per chunk.
Does my file get uploaded?
No. The file is read locally in 4 MB chunks and hashed inside your browser tab, so the bytes never go to our server. This is how you can verify a 4 GB ISO download against its published SHA-256 without paying upload bandwidth. The result matches `sha256sum` on Linux, `shasum -a 256` on macOS and `certutil -hashfile <file> SHA256` on Windows (without the `SHA256` argument, `certutil` computes SHA-1).
Hex or base64 — which should I use?
Hex is the traditional representation (the kind you see on download pages). Base64 is shorter and is what JWT and many web APIs use for HMAC signatures. Pick whichever the system you are talking to expects.
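What a hex-versus-base64 comparison like the Compare step has to handle, as an added example (not this tool's own code): the same digest can arrive as hex, as a whole `sha256sum` line, or as base64, so both inputs are decoded to bytes before they are compared. The function names and the `empty.bin` filename are assumptions made for illustration; the sample digest is SHA-256 of empty input.

```javascript
// Added example: compare two digest strings the way a checksum check needs to.
// Likely algorithm by digest length, for the algorithms this page lists.
const DIGEST_BYTES = { 4: 'CRC32', 16: 'MD5', 20: 'SHA-1', 32: 'SHA-256', 48: 'SHA-384', 64: 'SHA-512' };

// Decode a hex or base64 digest to bytes. A whole `sha256sum` line
// ("<hex>  <filename>") is accepted; only its first field is used.
function decodeDigest(input) {
  const token = String(input).trim().split(/\s+/)[0];
  // Assumption: an even-length, all-hex token is hex. Base64 digests of these
  // sizes end in '=' except SHA-384, where an all-hex value is vanishingly rare.
  if (/^[0-9a-fA-F]+$/.test(token) && token.length % 2 === 0) {
    return Uint8Array.from(token.match(/../g), (pair) => parseInt(pair, 16));
  }
  // Accept standard and URL-safe base64, with or without padding.
  const b64 = token.replace(/-/g, '+').replace(/_/g, '/').replace(/=+$/, '');
  if (!/^[A-Za-z0-9+/]+$/.test(b64) || b64.length % 4 === 1) {
    throw new Error('not a hex or base64 digest');
  }
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
}

function compareDigests(a, b) {
  const x = decodeDigest(a);
  const y = decodeDigest(b);
  const algorithm = DIGEST_BYTES[x.length] || 'unknown';
  if (x.length !== y.length) {
    // Typical cause: a SHA-1 or MD5 value pasted next to a SHA-256 one.
    return { match: false, algorithm, reason: 'length mismatch' };
  }
  // OR the differences of every byte together instead of stopping at the first.
  let diff = 0;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i];
  return { match: diff === 0, algorithm, reason: diff === 0 ? 'identical' : 'digests differ' };
}

// Constructed sample: SHA-256 of empty input as a sha256sum line and as base64.
const SAMPLE_HEX_LINE = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty.bin';
const SAMPLE_BASE64 = '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';
console.log(compareDigests(SAMPLE_HEX_LINE, SAMPLE_BASE64));
```

The algorithm label is only a guess from the byte length: a 32-byte value can be a plain SHA-256 digest or an HMAC-SHA256 tag, and nothing in the string tells them apart.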
Mobile?
Yes. The 500 MB cap applies, but for typical mobile workloads (a photo, a doc) hashing is sub-second.