Checksum Verifier
Upload a file to compute MD5, SHA-1, SHA-256, and SHA-512 checksums. Compare against an expected value to verify integrity.
Drop a file here or click to browse
All processing happens locally in your browser
SHA-1, SHA-256, and SHA-512 use the browser's Web Crypto API. MD5 is computed in pure JavaScript. No data is transmitted: all processing is local.
Verify file integrity locally: MD5, SHA-1, SHA-256, and SHA-512 in one step
A checksum is a fixed-length fingerprint of a file. If even a single bit changes, whether from download corruption, a man-in-the-middle attack, or storage failure, the checksum will be completely different. This makes checksums indispensable for verifying that software downloads, backup archives, and transmitted files are intact.
AlteredIdea processes your file entirely within the browser. SHA-1, SHA-256, and SHA-512 are delegated to the W3C Web Crypto API for maximum performance. MD5 is implemented in pure JavaScript for compatibility. No byte of your file is ever transmitted over the network.
How to use: step by step
- 1Drop or select your file
Drag a file into the drop zone or click to browse. Any file type and size is supported: processing is local. - 2Wait for hashes to compute
MD5 is computed in pure JavaScript; SHA-1 / SHA-256 / SHA-512 use the browser's native Web Crypto API for maximum speed. - 3Copy any hash
Each algorithm row has a Copy button. Use the hash that matches your download's published checksum. - 4Paste the expected checksum
In the Verify panel, choose the algorithm and paste the expected hash from the software publisher. - 5Check the result
A green 'Checksums match' or red 'Checksums do not match' indicator tells you instantly whether the file is intact.
Related Tools
Hash Generator
Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text or files. All hashes shown simultaneously with one-click copy.
HMAC Generator
Generate HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 message authentication codes with a secret key.
Password Strength
Analyze password entropy, character composition, and estimated crack time across different attack scenarios.
AES Encrypt / Decrypt
Encrypt and decrypt text with AES-256-GCM. Password-derived key via PBKDF2. Output includes salt and IV: fully self-contained.
Frequently Asked Questions
- Is my file uploaded to a server?
- No. Your file is read directly by the browser using the FileReader API. No network request is made: the file stays on your device.
- Which hash should I use to verify a download?
- Use whichever algorithm the publisher provides. SHA-256 is the modern standard. MD5 is still common for legacy software but is not collision-resistant.
- What is the maximum file size?
- There is no hard limit enforced by the tool. The browser processes the file in memory, so very large files (multi-gigabyte) may be slow depending on your hardware.
- Why does the tool compute four hashes at once?
- Computing all four simultaneously saves you from re-uploading if the publisher only provides one specific algorithm. The Web Crypto API calls are parallelised.
- Why is MD5 included if it's weak?
- MD5 is still used by many software publishers for checksum purposes (not security). Including it ensures you can verify any published checksum regardless of algorithm.
- What does 'file integrity' mean?
- It means the bits of the downloaded file are identical to the original. A matching checksum rules out corruption during download or transfer but does not prove the original file was safe.
- Can I verify an ISO or disk image?
- Yes. ISO files, disk images, ZIP archives: any binary file: can be dropped into the tool for checksum verification.
- Is SHA-256 the same as SHA-2?
- SHA-256 is one member of the SHA-2 family (which also includes SHA-384 and SHA-512). SHA-1 is a separate, older algorithm that is no longer considered secure for cryptographic purposes.
- How do I verify a file checksum on Windows?
- You can use this browser tool on Windows by dragging any file into the drop zone: no software installation needed. Alternatively, open PowerShell and run Get-FileHash filename.ext -Algorithm SHA256. Compare the output to the publisher's checksum to confirm the file is intact.
- How do I check if a downloaded file has been tampered with?
- Drop the downloaded file into this tool and compare the SHA-256 hash it produces against the checksum published on the official download page. If they match exactly (every character), the file is identical to what the publisher released. Any difference means the file was corrupted or altered.
AlteredIdea vs alternatives
vs online hashing sites: Many send your data to a server to hash it. AlteredIdea runs all cryptographic operations in your browser using the Web Crypto API: your sensitive data never leaves your device.
vs openssl / command line: No terminal, no setup. Just paste and get results instantly.
vs library code: No coding required. Instant visual output with copy-to-clipboard.