Hash Compare
Paste two hashes side by side. We tell you instantly — in constant time — whether they match.
Quick answer: Paste two hashes side by side. We tell you instantly — in constant time — whether they match.
Last updated
Frequently asked questions
- Why a dedicated hash-compare tool?
- Because eyeballing two 64-character strings is genuinely hard — you reliably miss a single transposed digit. Pasting them in and getting an unambiguous green ✓ or red ✗ is much safer.
- What does 'constant-time compare' mean?
- The algorithm always inspects every byte of the input regardless of where the first mismatch is. That prevents an attacker from learning anything from the time the comparison took, which matters in some authentication flows.
- Does the case of the hash matter?
- No. We lowercase both strings before comparing, so 'A1B2…' and 'a1b2…' compare equal.
- Are spaces or newlines a problem?
- No. We strip all whitespace, so a hash split across multiple lines (as some tools format them) compares correctly against the unbroken version.
- Can I compare hashes of different algorithms?
- Technically yes, and we'll show you the detected algorithm for each side as a sanity-check. They will of course never match if they're different lengths.
- Is anything uploaded?
- No. The compare is a tiny JavaScript loop running in your browser. No server call.
- Does the tool detect the algorithm automatically?
- It inspects the length: 32 hex chars = MD5, 40 = SHA-1, 56 = SHA-224, 64 = SHA-256, 96 = SHA-384, 128 = SHA-512. Anything else is shown as 'Unknown'.
- Can I paste a base64 hash?
- Not directly — convert it to hex first. The detector relies on hex length to identify the algorithm, and base64 lengths overlap.
- What's the use case for this tool?
- Verifying file downloads against a vendor-published checksum, comparing the SHA-256 of two files to spot subtle changes, or sanity-checking that two systems agree on an integrity hash.
- Does a match guarantee the files are identical?
- For SHA-256 and SHA-512: practically yes. For MD5 or SHA-1: a malicious actor can craft a colliding file, so don't use them for security-critical verification — but they're fine for accidental-corruption checks.