Why is my hash different from someone else's hash for the same file?

If two SHA-256 hashes differ for what looks like the same file, the files are not actually identical — even a single byte difference (a different newline at the end of the file, a stripped EXIF tag, a re-saved PDF) yields a completely different hash. This is the property that makes SHA-256 useful for tamper detection. Always hash the original byte-for-byte file, never a re-saved copy.

FREE — NO UPLOAD — NO SIGNUP

SHA-256 Hash Calculator

Calculate SHA-256, SHA-1, SHA-384, or SHA-512 of any file or text. Everything runs in your browser — nothing is uploaded, nothing is logged. No signup, no rate limit.

Algorithm:

Drop a file here or click to browse

Up to ~5 GB. Stays in your browser.

Need more than just a hash? For a court-admissible web capture, the hash needs a trusted timestamp, a digital signature, and chain of custody. Try ProofSnap free for 7 days →

SHA-256 in one paragraph

SHA-256 is a cryptographic hash function from the SHA-2 family, standardized by NIST in FIPS PUB 180-4 and IETF RFC 6234. It produces a fixed 256-bit (32-byte) digest displayed as 64 hexadecimal characters. Any change to the input — even a single bit — produces a completely different output (the avalanche property). No practical collision against SHA-256 has been demonstrated; the brute-force collision cost is ~2¹²⁸ operations. SHA-256 underpins TLS certificates, the Bitcoin blockchain (proof-of-work uses double SHA-256), modern code-signing certificates, and electronic-evidence integrity under Federal Rules of Evidence 902(14) in the United States and eIDAS Regulation (EU) No 910/2014 in the European Union.

Output length: 256 bits / 32 bytes / 64 hex characters
Standardized in: FIPS 180-4 (NIST), RFC 6234 (IETF)
Collision resistance: ~2¹²⁸ operations — no known break
Court admissibility: FRE 902(14), eIDAS Art. 41, ISO/IEC 27037

How to verify a SHA-256 checksum

Four ways to compute and compare a SHA-256 hash. Pick whichever is most convenient — they all produce the same 64-character hex string for the same file.

1. In this browser tool (recommended)

Drag & drop the file onto the drop zone above.
Read the 64-character SHA-256 hash.
Open the Compare hashes tab and paste both hashes to verify.

No installation, no upload, works offline once loaded.

2. Windows (PowerShell or Command Prompt)

certutil -hashfile "C:\path\to\file.zip" SHA256

Get-FileHash "C:\path\to\file.zip" -Algorithm SHA256

Both commands ship with Windows 10 and 11 by default.

3. macOS (Terminal)

shasum -a 256 ~/Downloads/file.zip

Built into every macOS install. The output begins with the 64-character SHA-256 hash.

4. Linux (any distribution)

sha256sum /path/to/file.zip

Provided by GNU coreutils on every major distribution (Debian, Ubuntu, Fedora, RHEL, Arch, openSUSE).

Verification rule: Compare the computed hash with the publisher’s expected hash character by character. A single different character means the file has been altered or corrupted — never trust a partial match.

SHA-256 vs SHA-1 vs MD5 — which should you use?

For integrity checking, digital evidence, and any legal or security context, only SHA-256 (or stronger SHA-2 variants) is acceptable today. SHA-1 and MD5 have published practical collision attacks and are deprecated by NIST.

Algorithm	Output size	Collision status	Court / forensic use	Recommendation
SHA-256	256 bits / 64 hex	No collision found (~2¹²⁸)	FRE 902(14), eIDAS Art. 41, ISO/IEC 27037	Use this
SHA-384	384 bits / 96 hex	No collision found	Acceptable, less common	Use if required
SHA-512	512 bits / 128 hex	No collision found	Acceptable, faster on 64-bit CPUs	Use if required
SHA-1	160 bits / 40 hex	Practical collision (Google SHAttered, 2017)	Deprecated (NIST SP 800-131A)	Legacy only
MD5	128 bits / 32 hex	Broken since 2004 (Wang & Yu)	Disregarded by modern courts	Do not use

Sources: NIST FIPS 180-4 (SHA-2 family), NIST SP 800-131A (SHA-1 deprecation), Stevens et al., The First Collision for Full SHA-1 (CRYPTO 2017), Wang & Yu, How to Break MD5 and Other Hash Functions (Eurocrypt 2005). This page intentionally omits MD5 because it is unsupported by the Web Crypto API and disallowed for evidence work.

Why calculate a SHA-256 hash?

Verify file integrity

If the SHA-256 you compute matches the SHA-256 published by the source, the file has not been corrupted or tampered with — not even by a single bit.

Compare two files

Two files with the same SHA-256 are guaranteed identical. Compare a downloaded file against the original to detect even invisible changes (one extra newline, stripped EXIF, re-saved PDF).

Document evidence

A SHA-256 hash gives a unique fingerprint of an evidence file at a point in time. To make it defensible in court you also need a trusted timestamp and signature — that’s what ProofSnap automates.

A hash alone is not court evidence

A SHA-256 fingerprint proves the file has not changed since you computed the hash. It does not prove WHEN the file existed, or WHO created it. For court-admissible web evidence under FRE 901/902 (US) or eIDAS Article 41 (EU), you also need:

Trusted timestamp

Proves the hash existed at a specific time. Bitcoin blockchain via OpenTimestamps, RFC 3161 TSA, or eIDAS Qualified Trust Service Provider.

Digital signature

Proves who computed the hash. RSA-4096 or ECDSA with a publicly verifiable certificate or public key.

Chain of custody

A signed record of who handled the evidence, when, on what device, with what software. ISO/IEC 27037 is the standard.

Self-verifiable package

Anyone can re-check hashes, signatures, and timestamps without trusting the issuer. Drop a ZIP into ProofSnap’s free Trust Verifier and watch it validate.

Want hash + blockchain timestamp + court-ready PDF in one click?

ProofSnap captures any web page with SHA-256 + RSA-4096 signature + Bitcoin blockchain timestamp + eIDAS qualified timestamp + chain of custody — all in a self-verifying ZIP. Court-admissible under FRE 901/902 and eIDAS Article 41. From $4.99 one-time, no subscription required.

Start 7-day free trial See pricing

Frequently asked questions

Is this SHA-256 hash calculator really free and private?↓

Yes. The hash is calculated entirely in your browser using the Web Crypto API. No file or text is ever uploaded to our servers. There is no signup, no account, no rate limit. The whole tool is a static HTML page — you can view the source to confirm.

What is SHA-256 used for?↓

SHA-256 is a cryptographic hash function that produces a unique 64-character hexadecimal fingerprint for any input. It is used to verify file integrity (any change, even one bit, produces a completely different hash), to anchor data on the Bitcoin blockchain, and as the integrity primitive in legal evidence packages such as ProofSnap. If two files share the same SHA-256, they are practically guaranteed to be identical.

Does a SHA-256 hash prove a file is genuine evidence?↓

A hash alone proves only that the file has not been altered since the hash was taken. It does not prove WHEN the file existed or WHO created it. For court-admissible web evidence under FRE 901/902 or eIDAS Article 41, you also need a trusted timestamp, a digital signature, and chain of custody. ProofSnap captures all four in a self-verifying ZIP.

What is the largest file I can hash with this tool?↓

There is no hard server-side limit because nothing leaves your browser. In practice the limit is your device’s available memory — most modern laptops handle 2–5 GB without issue.

Why is my hash different from someone else’s for the same file?↓

If two SHA-256 hashes differ for what looks like the same file, the files are not actually identical — even a single byte difference (a different newline, a stripped EXIF tag, a re-saved PDF) yields a completely different hash. This is the property that makes SHA-256 useful for tamper detection.

Can I use this hash in a court case?↓

You can document the SHA-256 of a file with this tool, but for it to be defensible in court you also need a trusted timestamp so opposing counsel cannot argue you computed the hash after the fact. ProofSnap automates that whole chain — the hash is anchored on the Bitcoin blockchain at capture time and, on Enterprise plans, also issued an eIDAS qualified timestamp under Article 41 of EU Regulation 910/2014. ProofSnap is not a law firm and does not provide legal advice.

SHA-256 vs SHA-1 vs MD5 — which should I use?↓

SHA-256 is the standard for legal and forensic use — collisions have never been demonstrated. SHA-1 has practical collision attacks (Google, 2017) and should not be used for security-critical applications. MD5 has been broken since 2004. This tool offers SHA-1, SHA-256, SHA-384, and SHA-512; MD5 is intentionally omitted.

How do I verify a SHA-256 checksum on Windows?↓

Two ways. Option A (Command Prompt): certutil -hashfile "C:\path\to\file.zip" SHA256. Option B (PowerShell): Get-FileHash "C:\path\to\file.zip" -Algorithm SHA256. Both are built into Windows 10 and 11 — no installation required. Or simply drag the file onto this page and read the 64-character hash.

How do I verify a SHA-256 checksum on macOS or Linux?↓

On macOS open Terminal and run shasum -a 256 ~/Downloads/file.zip. On Linux run sha256sum /path/to/file.zip. Both are pre-installed. Compare the printed 64-character hex hash to the publisher’s expected hash character by character. Or drop the file onto this page for the same result with no command line.

Is SHA-256 reversible? Can I get my file back from a hash?↓

No. SHA-256 is a one-way function. Given the 64-character hash you cannot reconstruct the original file or text — that is what makes it useful as a fingerprint. The only way to find an input that produces a given hash is brute force, which would take ~2²⁵⁶ operations on average (well beyond the energy budget of the observable universe).

Does this tool work offline or behind a corporate firewall?↓

Yes. Once the page is loaded, all hashing runs locally via the browser’s Web Crypto API. You can disconnect from the internet and the tool keeps working. Behind a corporate firewall there is nothing to block — the tool never makes outbound network calls during hashing.

Which browsers support this hash calculator?↓

All modern browsers: Chrome, Edge, Firefox, Safari, Opera, Brave, Arc and Vivaldi. The tool relies on the Web Crypto API (crypto.subtle.digest), which has been supported in Chrome since version 37 (August 2014) and Firefox since version 39 (July 2015), with broad cross-browser support from mid-2015 onwards. It does not work in Internet Explorer.