All tools
Security tools

Hash Verifier

Paste your text and a known hash — the tool auto-detects the algorithm and tells you instantly whether they match.

MD5 · 32 chars SHA-1 · 40 chars SHA-256 · 64 chars SHA-384 · 96 chars SHA-512 · 128 chars
Get started free Sign in

Free · No credit card · 50 credits/day

How it works

Two inputs, one answer.

1

Paste your text

Enter the original text — a file checksum source, a config value, an API key, any string you want to verify.

2

Paste the known hash

Enter the hash you want to compare against. The algorithm is detected automatically from the length of the hash string.

3

Get an instant verdict

The tool re-hashes your text with the detected algorithm and compares the result using constant-time comparison, then shows match or no match.

Algorithm auto-detection

The algorithm is inferred from the hex length of your hash — no dropdown needed.

Algorithm Hex characters Bit length Security
MD5 32 128 bits Broken
SHA-1 40 160 bits Broken
SHA-256 64 256 bits Secure
SHA-384 96 384 bits Secure
SHA-512 128 512 bits Secure

If your hash length doesn't match any of these, the tool returns an error with the expected lengths.

When would you verify a hash?

Hash verification shows up everywhere integrity matters.

📥

Software download verification

Developers publish SHA-256 checksums alongside their releases. Paste the file content and the published hash — if they match, the download hasn't been tampered with.

🔑

API key and token integrity

Verify that an API key or secret token hasn't been corrupted in transit or storage by comparing it against a known hash of the original value.

📋

Config file auditing

Hash a known-good config file on deploy and store the hash. Later, re-hash and compare to detect unauthorised changes to your configuration.

🌐

Webhook payload verification

Services like GitHub and Stripe sign webhook payloads with HMAC-SHA256. Verify the signature matches the payload before trusting the request.

🗂️

Database record integrity

Store a hash of sensitive fields. On read, re-hash and compare to detect silent data corruption or tampering at the storage layer.

📦

Build artifact comparison

Confirm that a compiled binary or package uploaded to a registry matches the hash produced during CI — catching supply-chain substitutions.

Constant-time comparison

We compare hashes using PHP's hash_equals(), which always takes the same amount of time regardless of where the strings differ. A naive === comparison leaks information through timing differences — attackers can use this to guess hash values one character at a time. hash_equals() eliminates that side channel entirely.

Frequently asked questions

How does the hash verifier detect the algorithm automatically?

It infers the algorithm from the length of the hex digest you provide: 32 characters = MD5, 40 = SHA-1, 64 = SHA-256, 96 = SHA-384, 128 = SHA-512. If the length doesn't match any known algorithm, an error is returned with the expected lengths.

What is a timing attack and how do you prevent it?

A timing attack exploits the fact that a naive string comparison (===) returns early as soon as it finds a mismatch, leaking information about how many characters matched. Our verifier uses PHP's hash_equals(), which always takes the same amount of time regardless of where the strings differ, eliminating the side channel.

What can I use this tool for?

Common uses: verifying a downloaded file's checksum against the one published by the developer; confirming a config value or API key hasn't been corrupted in transit; checking that two copies of a string are identical without revealing either value directly.

Can I verify a bcrypt or Argon2 hash with this tool?

No. Bcrypt and Argon2 embed a salt and cost factor inside the hash string — they cannot be verified by simply re-hashing the input. Use our Bcrypt Generator tool to verify bcrypt hashes.

Related security tools

Generate and protect hashes with these companion tools.

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes from any text.

Bcrypt Generator

Hash and verify passwords securely with bcrypt — the right algorithm for credentials.

Password Generator

Generate cryptographically secure random passwords with custom length and charset.

Verify a hash now

Free account. 50 credits per day. Access to 75+ tools instantly.

Create free account →