Utility Tools
Small tools that don't really convert formats — they compute fingerprints, verify integrity, or produce checksums. Like every other tool on FormatFixer, they run entirely in your browser.
All utility converters
Which format should I use?
Pick the hash algorithm your publisher or protocol expects. MD5 is fast and fine for duplicate detection or catching random corruption, but it's cryptographically broken — don't use it for anything where an attacker might try to create a collision. SHA-1 is also broken for cryptographic purposes but is still what Git uses internally. SHA-256 is the current universal standard: TLS certificates, Docker image digests, Bitcoin, and most published software checksums all use it. SHA-512 is the longest and offers extra margin for high-assurance applications; it's also faster than SHA-256 on modern 64-bit hardware.
| Algorithm | Output length | Cryptographically safe | Best for |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | No (broken 2004) | Duplicate detection, accidental corruption |
| SHA-1 | 160 bits (40 hex) | No (broken 2017) | Git, legacy compatibility |
| SHA-256 | 256 bits (64 hex) | Yes | TLS, Docker, software checksums |
| SHA-512 | 512 bits (128 hex) | Yes | High-assurance, 64-bit CPU speed |
Frequently asked questions
What's the difference between a hash and a password?
A hash is a one-way fingerprint of data — you can compute it in one direction but can't reverse it. Passwords are what a user types; password storage uses hashes (specifically, slow hashes like bcrypt or Argon2, not MD5/SHA-256) so a database leak doesn't expose raw passwords. Plain SHA-256 is too fast for password hashing.
Which hash should I use for verifying a download?
Whichever one the publisher published. Most modern publishers list SHA-256; some also offer SHA-512. If only MD5 is available it's still fine for catching download corruption (not malicious substitution). Compare the hex string the tool produces against the publisher's listed value.
Why is the output file named `.sha256` instead of `.txt`?
It matches the GNU coreutils convention: `sha256sum` produces a file with a `.sha256` extension containing `<hash> <filename>`. With both files in the same directory, `sha256sum -c my-download.sha256` verifies integrity in one command.
Are my files uploaded when I compute a hash?
No. Every hash on this site is computed in your browser using WebCrypto (for SHA-*) or spark-md5 (for MD5). The file's bytes never leave your device — which matters for sensitive or confidential files you're producing audit hashes for.
How large a file can I hash?
There's no hard limit — we read the file into an ArrayBuffer in the browser, so the ceiling is your device's available memory. In practice, 1–2 GB is comfortable on most machines. For larger files, a native CLI tool (sha256sum, certutil) will stream the file instead of loading it all at once.