Checksum Calculator

How it works

Cryptographic hash functions take arbitrary input and produce a fixed-length digest. The same input always produces the same hash, but even a single bit change produces a completely different output. This makes them ideal for verifying file integrity and detecting tampering.

In CTF challenges, checksums serve two purposes. First, you may need to verify that a downloaded file matches an expected hash before analyzing it. Second, hash cracking challenges give you a hash and ask you to find the original input. Use the Hash Identifier to determine the hash type first, then compute candidate hashes here to compare.

CRC32 is a fast, non-cryptographic checksum used in ZIP files, PNG chunks, and network protocols. It is easy to forge (you can craft inputs with a specific CRC32), so it is not used for security, but it is useful for detecting accidental corruption.

SHA-1 (40 hex chars) is considered broken for collision resistance since the SHAttered attack in 2017. Some CTF challenges exploit this by asking you to produce two different files with the same SHA-1 hash. SHA-256 (64 hex chars) is the current standard for file verification and is used in tools like sha256sum.

The verify feature is especially useful for the verify pattern in picoCTF: a challenge gives you a directory of files and a target hash, and you must find the file that matches. Upload each candidate and compare against the target.