MD5 has been broken for collision resistance since 2008 and the WebCrypto API deliberately omits it. If you need MD5, the publisher should ship a SHA-256 instead.

Is it safe to hash a confidential file here?

Yes. The file is loaded into the page and processed by the browser's WebCrypto implementation in-memory. No bytes are sent to CheckMySys — you can verify this in the Network tab.

Which hash should I use for checksums?

SHA-256 is the default for Linux distro releases, Git content addressing, and TLS fingerprints. Prefer SHA-384 or SHA-512 if you specifically need a longer digest.

Hash Generator

Input text

Encoded as UTF-8 before hashing. 43 characters.

SHA-1

SHA-256

SHA-384

SHA-512

How to use the hash generator

Pick Text or File. In text mode the hashes recompute on every keystroke using UTF-8 encoding. In file mode the file is read into memory and hashed in one shot — the whole computation happens in your browser via the WebCrypto API (crypto.subtle.digest).

SHA-256 is the default choice for integrity checks (Linux distros, Git internal addressing, TLS certificate fingerprints). SHA-1 is included for legacy verification only — it has been broken for collision resistance since 2017 and should not be used for anything new. SHA-384 and SHA-512 are larger variants with more output bits; prefer them when you need a wider digest.

MD5 is deliberately not included. It is broken (chosen-prefix collisions demonstrated in 2008) and modern browsers omit it from WebCrypto for that reason. If you only need MD5 to verify a download, the publisher should ship a SHA-256 instead.

Nothing is uploaded. Files you pick never leave your browser — you can confirm this in DevTools Network tab while hashing.

Related tools

Hash any text or file with SHA-1, SHA-256, SHA-384, or SHA-512 — computed locally via the WebCrypto API.