Hash & checksums

File Checksum Generator

Generate MD5 and SHA-256 checksums for local files without uploading them.

Runs locally in your browser
Drop a file for checksumAny local file, up to 250 MB. The file is never uploaded.

The file stays in your browser. Nothing is uploaded.

How to use this tool

Drop a local file into the checksum generator.

Lumio reads the file in your browser and calculates MD5 and SHA-256 digests without uploading it.

Compare the digest with a trusted checksum from a release page, artifact store, or teammate.

Why file checksums matter

A checksum helps confirm that a downloaded file, build artifact, backup, or exported package did not change unexpectedly.

It is useful for release verification, support debugging, and comparing files across systems.

Use a checksum from a trusted source; a checksum shown next to a compromised file does not prove safety by itself.

MD5 versus SHA-256 for files

MD5 is fast and common in legacy workflows, but it is not collision-resistant enough for security-sensitive verification.

SHA-256 is the better default for modern file integrity checks.

For signed releases, verify the signature as well as the checksum when the publisher provides one.

Examples

Verify a download

After downloading a release archive, compare its SHA-256 checksum with the value published by the project.

Compare two exports

If two exported files should be identical, matching SHA-256 checksums are a strong signal that the bytes match.

FAQ

Is the file uploaded for hashing?

No. The file is read and hashed locally in your browser.

Which checksum should I trust more?

Prefer SHA-256 for modern integrity checks. MD5 is mainly for legacy compatibility.

Can a checksum prove a file is safe?

Not alone. It proves the bytes match a reference value. The reference value itself must come from a trusted source.

Can I hash large files?

Browser memory and device performance can limit very large files. For huge artifacts, local command-line tools may be more reliable.