Best Free Hash Utility

 

Introduction

Hashing is the process of computing a fixed-length string (called a "message digest") from a data stream usually for the purpose of validating, authenticating, or digitally signing that stream. The stream could be a disk file, an email message, or packets of data in network transport. Hashing is not encryption because the message digest cannot readily be transformed back into the original data from which it was computed. Instead, hashing is a mechanism for representing a block of data in a predictable way by the use of a standard, public algorithm.

[show-hide toggle]

Technical Discussion

For those who are interested in knowing more about the various hashing algorithms in use, a technical discussion of these algorithms and their possible uses follows.

[show-hide toggle]
 

In a Hurry?

Go to details...  Go straight to the Quick Selection Guide

 

Discussion

Focusing on the use of hashing for the validation of a data stream against published hashes, there are a number of useful programs that provide this functionality. Essentially, these programs 1) must be easy to use, 2) must accurately compute hashes according to published algorithms, and 3) must present the information in a usable form. It is not important whether hashing is the primary purpose of the software or just an incidental feature of a broader application. What is important is that a useful capability is provided attended with as little "noise" (bugs and fluff) as possible.

The programs reviewed here provide three levels of functionality:

  • Programs that compute hashes.
  • Programs that also provide hash validation.
  • Programs that also include a database of hashes for revalidation.

The reviewed applications implement their user interfaces in one of three ways:

  • Windows console application (DOS command line).
  • Windows Explorer context menu entry.
  • Windows Explorer property page tab.

It cannot really be said that any one of these approaches is better than the others because each provides its own capabilities. A console application, for example, allows for scripting and ad-hoc programming that is not possible with graphical applications, but its user interface is somewhat limited. A Windows Explorer context menu entry provides quick access to a full-scale application, but this also switches the user to a new application context. An Explorer property page tab offers a handy and familiar access to program controls without context switching, but the small physical window size places constraints on application features.

HashTab implements its user interface as a Windows Explorer file property page. To compute the hash of a file, you right-click on the file, select Properties, and then click the tab labeled "File Hashes". There are two zones in the tab panel. The top zone shows the hash values of the selected hashes. An Options link is provided to allow the user to change selected hashes, and the program remembers the selections in future sessions. Message digests of the selected file are automatically computed and displayed.

The bottom zone of the tab panel provides the hash comparison feature. A hash can be pasted into the Hash Comparison field, and it will be automatically compared against the selected hashes. If a match is found, a green checkmark is displayed below the field along with the name of the hash that was matched. If no match is found, a red "x" is shown. You should be sure that the desired hash is selected before concluding that there is a mismatch because the program does not report whether it matches an unselected algorithm.

The comparison zone also provides a button that can be used to select a file to compare the current file against. On clicking the button, a dialog is presented that permits the user to browse to the desired file. The program remembers the last location the Open dialog was used to access, and subsequent dialog sessions return to that location, which may have been from a previous program session.

When comparing a hash that is pasted in, the one that matches is the one used, but when comparing another file, the first algorithm that matches in the alphabetically-sorted list is used. If you want to use a specific hash, you have to change the selected hashes in Options by removing all hashes from the list that alphabetically precede the desired algorithm. After so doing, you will have to reselect the file to compare because the Hash Comparison field will be blanked out on returning to the tab panel.

 

HashMyFiles is a full-scale Windows application that can be launched directly, or from the Explorer context menu when that feature is enabled. HashMyFiles not only computes hashes of files and compares them against each other or against any MD5 or SHA-1 hash that is in the Windows clipboard, but it can also hash all files in a file system identifying hash duplicates in the process. The program can compute hashes for a single file, a group of files, or an entire file system, but it only does so using CRC, MD5, and SHA-1.

The main program window provides a list of the files selected for hashing, and the hashes are computed automatically. If a file in the list matches an MD5 or SHA-1 hash that has been copied to the clipboard, that file is highlighted. If there are multiple hashes for multiple files in the clipboard, all matches are highlighted. In addition, files in the list that are duplicates of each other are similarly labeled and highlighted. The program can hook into the Windows Explorer context menu by enabling an option to do so. (It is disabled by default.) When enabled, right-clicking the selected files or folders and selecting HashMyFiles in the context menu will bring up the program with the file hashes computed and matches highlighted. Selecting a large number of files, or the base folder of a large tree, can result in a lengthy delay while the hashes are calculated.

This program can be configured to operate from the Windows system tray. Closing the program with this feature enabled--it is disabled by default--will allow quick access to the program window for further use. Selecting another file to hash will restore the program window with the newly selected file and computed hashes added to the bottom of the list.

The NirSoft site for HashMyFiles reports support for all Windows versions since and including 2000. The program has a faulty interaction, however, with a security feature of Windows 7, and as the feature also exists in Windows Vista, presumably with it as well. One of the more recent capabilities of Windows is to keep track of the origin of individual files and request approval to open files that came from an untrusted source (e.g., the internet). Sometimes, this causes HashMyFiles to launch multiple windows with the various selected files distributed among them or to open one window with multiple entries of the selected files present and marked as duplicates. Another problem with the program is the low-contrast highlighting used to identify matched entries. On some monitors, the low-contrast is difficult to distinguish at some visual angles and virtually disappears at others.

 

HashCheck Shell Extension is an open source program that employs a Windows property page tab as its user interface. It computes hashes using CRC, MD4, MD5, and SHA-1, and it can work on single files, multiple files, and whole file systems. The program window has a text field for displaying computed hashes and a field for pasting in a hash to match. The program can save the computed hashes to a text file in various encodings that it can later use to re-validate the included files.

HashCheck is a sort of hybrid of HashTab and FCIV. It performs the basic single file hash computing and comparing functionality as other programs. To validate a single file, right-click on the file in Windows Explorer and select Properties. Click the Checksums tab to display the hashes for the selected file. Paste the published hash into the field at the bottom of the tab window, and the program will automatically highlight the matching hash or show a text bubble indicating that the hash was not found in the list.

If multiple files had been selected, hashes for all files will be computed and displayed. If a large number of files were selected, or the base folder of a large file system, it may take a long time to compute all the hashes. A convenient progress bar shows the programs progress computing the hashes, and unlike progress bars in some programs including those in software of large companies such as Microsoft and Oracle, the progress bar is accurate reaching the end only when it is actually completed computing hashes. There are two progress bars--one for the overall process and one for the individual files. Very large files can take a minute to hash.

The program goes beyond most others reviewed here in that its results can be saved to a text file for later revalidation. To do this, click the Save button at the bottom of the program window. In the Save As dialog that appears, enter a file name (the program computes a default), a file type, and click Save. The dialog opens in the location that contains the selected file(s) and/or folder(s), so you may want to browse to a different location to save the file. The program chooses which hash to save for the listed file(s) in the file based on the file type selected in the Save As dialog. It saves only one hash type in a given file, and the saved file takes an extension that is consistent with its type.

To re-validate the files that were included in the saved hash file, just double-click on the saved hash file to launch a HashCheck window that will proceed to recompute the hashes for the files and indicate the matches, mismatches, and unreadables--the latter category usually indicating a missing file.

HashCheck has many useful features, but it could be improved. Dropping the CRC and MD4 algorithms, which are not really needed for a program like this, and replacing them with SHA-256 and Whirlpool would be a big improvement. A reporting tool would be useful as well. It would be nice if the program could save its data into a single file containing all hashes computed for each file. As it is, a separate file is required to save the hashes for a given algorithm.

 

Like HashTab and HashCheck, Febooti fileTweak Hash & CRC works as a tab on the file property page. To compute the hash of a file, you right-click the file, select Properties, and then click the tab labeled "Hash / CRC". The upper portion of the tab panel shows the name of the file being hashed, if just one had been selected, or a count of the total number selected. It also shows the file system location of the selected file(s), although a deep location will be truncated.

The middle portion of the panel lists the available hashes which can be easily selected or excluded using a checkbox next to each one. Two of the algorithms, MD and RIPEMD, have drop-downs to the left that allow you to select the version of the algorithm to use in the main list. The algorithms that are selected when the program starts, which are remembered from the last session, are automatically computed for the selected file. If an algorithm is added, you must click the Compute button in the lower section to recompute the hashes to include the newly selected one.

The lower portion of the tab panel provides a mechanism for switching the file to use when multiple files were selected in Windows Explorer. To compute hashes for a different file from a group, just click the View file drop-down, select the desired file from the list, and click Compute.

Unlike the other programs reviewed here, Febooti Hash & CRC, does not provide a hash comparison feature. There is no way to directly compare the hash of a file against published hash or against the hash of another file. To compare the computed hash against a published hash, you must click the Copy button, select which hash (or all) to place on the clipboard, paste the hash(es) into another window such as an empty Notepad document, paste the published hash into the same window, and then visually compare them. If you need to compare two files, you have to go through this exercise for each file before comparing them. The program does, at least, make it easy to get the computed hashes onto the clipboard.

 

Microsoft File Checksum Integrity Verifier (FCIV) is a console application, which means that it only runs inside a command window. You might wonder why such a program would be considered here, but there is a unique capability provided by this program that is worth a look. For computing the hash of a single file, this would not be the tool to use, but it can be used to create a database of hashes for many files, including recursively through an entire file system, and then later use that database to re-validate those same files.

FCIV only computes hashes using the MD5 and SHA-1 algorithms. The purpose of this program is to provide a method by which large numbers of files can be validated very quickly thus exposing unauthorized modifications. The following command can be used to generate a database of hashes for all ".exe" and ".dll" files below C:\Program Files using both MD5 and SHA-1:

fciv "c:\program files" -xml c:\temp\pf.xml -r -both -type .exe -type .dll

If you leave out the type argument(s), it will compute hashes for all files that it finds. The following command can be used to validate the database against the same files at a later time:

fciv -v -both -xml c:\temp\pf.xml

The program will report any differences that it finds. It does not report the presence of new files, but it does report any files of the original set that are missing. The setup of the program is entirely manual. After extracting it from the download, the program must be copied to a location that is in the command path or its extracted folder must be added to the path. Once this is done, it can be executed from any command window. To get help information about the program, type "fciv -h". The help information includes examples, but there are some differences between the information provided and the way the program actually behaves.

 

Others

Here are some more hash programs. I haven't downloaded them yet, but here's the info I got off their websites.

[show-hide toggle]
 

Quick Selection Guide

HashTab
4.5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
Works in a tab of the Windows Explorer file property page. Computes hashes for fifteen algorithms including all of those described above. Allows direct comparison of any hash that can be pasted in thus obviating the need for error prone visual comparison. Provides a file comparison feature that permits direct hash comparisons with another file. This is useful except as noted below. HashTab is available for both Windows (except 9x, NT, and 2k) and Mac OSX.
The file comparison feature could have been done better. It only compares the file against the first hash in the list, and there is no easy way to get it to use another. You have to remove all hashes that come before the one you want to use and then find the file to compare. If you change the selected algorithms after a file has been selected for comparison, the file name field is blanked out so that you have to get the file again. Does not work (tab is missing) when multiple files are selected.
http://implbits.com/
5.1.0.23
908.9 KB
Free for private use only
WinXP or greater; Mac OSX
HashMyFiles
4
 
Runs as a stand-alone program on a user's computer
Full-scale Windows application. Computes hashes for individual files, multiple files, or entire file systems. Can compare files to hashes in the clipboard as well as to other selected files. Highlights duplicate files when an entire file system is loaded. Hooks into Explorer context menu for quick access to the program window. Can minimize to the system tray. Can create an HTML report of results as well as result files in various formats. Column list is customizable.
Only MD5 and SHA1 algorithms are computed. Behavior problems with later versions of Windows. Match highlights are in very pale colors that may be difficult to see on some monitors.
http://www.nirsoft.net/
2.0
58.47 KB
Unrestricted freeware
Windows 2000/XP/2003/Vista/7

No software installation program. Just download and run.
View the versions history here

HashCheck Shell Extension
3.5
 
Runs as a stand-alone program on a user's computer
Employ a Windows property tab as its user interface, computes hashes using CRC, MD4, MD5 and SHA-1, work on single files, multiple files and whole file systems, save computed hashes to a text file for later revalidation.
Very large files can take a minute to hash, a separate file is required to save the hashes for a given algorithm, some other useful features could be improved.
http://code.kliu.org/hashcheck/
2.1.11
85 KB
Open source freeware
Windows XP or newer

v2.1.11 released 1 July, 2009
View the changelog here

Febooti fileTweak Hash & CRC
2.5
 
Runs as a stand-alone program on a user's computer
Works in a tab of the Windows Explorer file property page. Computes hashes with fifteen different algorithms including those described above. It is easy to change hash selections and recompute. If multiple files are selected, it is possible to switch between the selected files to compute hashes for each one. There is a simple mechanism for copying computed hashes to the clipboard.
No comparison feature. To check computed hashes against another file, you must compute the hashes for each file separately, paste the results into a text document, and then visually compare them.
http://www.febooti.com/
3.5
851.44 KB
32 bit but 64 bit compatible
Unrestricted freeware
Windows only

v3.5 released 29 January, 2013
View the release notes here

Microsoft File Checksum Integrity Verifier
2
 
Runs as a stand-alone program on a user's computer
Can be used to create a database of computed hashes and revalidate against it.
Only MD5 and SHA1 algorithms are supported. Only works in a command window. The program's options are difficult to understand and use effectively, and the help provided is of limited usefulness as it has some inaccuracies.
1.0
117 KB
Unrestricted freeware
Windows 2000 - XP

No software installation program. Just download and run.

 

Editor

This software review is maintained by volunteer editor CryptoSurfer. Registered members can contact the editor with any comments or questions they might have by clicking here.

 

Back to the top of the article.

 

Share this
4.25926
Average: 4.3 (27 votes)
Your rating: None

Comments

by CryptoSurfer on 29. September 2014 - 3:54  (118857)

I've been evaluating HashCat, and it seems that its previous glitches have been corrected. I know this product has been reviewed and mentioned on several occasions here (e.g., best free security software list, and so on) but it properly belongs here to take note. It will be interesting to see how the emergence of 'One-Way Accumulators' (I'm also reviewing) will affect the hash landscape. Radically so -- I suspect.
Here is the write-up of HashCat (they won the DefCon competition, again this year)from Wikepedia, if anyone has tested this utility, I'd appreciate your input.

HASHCAT:

Hashcat / oclHashcat
Developer(s)
atom
Stable release
0.47 / 1.30
Development status Active
Operating system
Cross-platform

Type
Password cracking

License
Proprietary EULA
Website www.hashcat.net

Hashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. It is available free of charge, although it has a proprietary codebase. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4,MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others.
Hashcat has made its way into the news many times for the optimizations and flaws discovered by its creator, which become exploited in subsequent hashcat releases. (For example, the flaw in 1Password's hashing scheme.)[1]
Variants
Hashcat comes in two main variants:
• Hashcat - A CPU-based password recovery tool
• oclHashcat - A GPU-accelerated tool
Many of the algorithms supported by Hashcat can be cracked in a shorter time by using the well-documented GPU-acceleration[2] leveraged in oclHashcat (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs. Bcrypt is a good example of this. Due to factors such as data dependant branching, serialization, and Memory (to name just a few), oclHashcat is not a catchall replacement for Hashcat.
Hashcat is available for Linux, OSX and Windows. oclHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX[citation needed].
Sample output
$ ./hashcat-cli64.bin examples/A0.M0.hash examples/A0.M0.word
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file examples/A0.M0.hash: 102 (1 salts)

NOTE: press enter for status-screen

--- Output Omitted ---

All hashes have been recovered

Input.Mode: Dict (examples/A0.M0.word)
Index.....: 1/1 (segment), 102 (words), 2769 (bytes)
Recovered.: 102/102 hashes, 1/1 salts
Speed/sec.: - plains, - words
Progress..: 102/102 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Tue Dec 10 18:07:54 2013
Stopped: Tue Dec 10 18:07:54 2013
Attack types
Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:
• Brute-Force attack
• Combinator attack
• Dictionary attack
• Fingerprint attack
• Hybrid attack
• Mask attack
• Permutation attack
• Rule-based attack
• Table-Lookup attack
• Toggle-Case attack
The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.
Competitions
Team Hashcat (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions at DefCon in 2010, 2012 and 2014.

by gzwul62a on 8. September 2014 - 5:46  (118439)

Hashtab
-------
Short note:
the link to hashtab doesn't work
http://www.implbits.com/Products/HashTab.aspx

ah well .. neither http://www.implbits.com/hashtab.aspx which is the 'More" button on their website... nor the screenshots - error: the requested content cannot be loaded...

to obtain the file you need to enter your email
also it says, under 'Next steps'
" Once you have installed HashTab, just right click on any file "

Igorware
--------
sofar I used Igorware hasher
http://www.igorware.com/hasher

it really is very flexible: you can copy a SHA-1 string to clipboard, run igorware hasher and it automatically compares to clipboard.
it is portable.
Regretfully...! It does not support SHA-256.

HashMyFiles
-----------
It supports SHA-256, SHA-384, SHA-512 as well
Version 1.80: Added support for SHA-256 and SHA-512 hashes.
Version 1.85: Added support for SHA-384 hashes.

-
As for myself: I am still looking for a tool, similar to Igorware Hasher
(small, portable, compare file to a string in clipboard .. -with- SHA-256 support)
=

by Joe A.TT on 8. September 2014 - 23:13  (118449)

You could try DP Hash ( http://www.paehl.de/cms/hash_dp )which is portable and supports 34 hash algorithms. One drawback is that it doesn't support drag & drop.

Another is Hasher Lite ( http://www.den4b.com/?x=products&product=hasher ) which is portable too. This program supports drag & drop and SHA-256 as well. It is free for private/personal use.

by CryptoSurfer on 8. September 2014 - 15:51  (118445)

Thanks for bringing this to my attention. I'll look into it and see what can be done to correct the problem. If it can't be, I'll remove the listing. Sorry for the inconvenience to you.

I agree with you on Igorware Hasher -- very nice app.

I'm presently researching 'One Way Accumulators' -- these are one way Hash functions that don't need a CA. I'll be posting some info on these soon.

All the Best,

CryptoSurfer

by snakyjake on 18. October 2013 - 20:32  (111565)

I'm looking for a utility to validate the integrity of my archived photos and detect bit rot. I'd like the program to store the checksum in the file properties, unless that would invalidate the checksum. If it does invalidate the checksum, then simply saving to a new file. The next feature is to run validation tests on a schedule, detecting bit rot and alerting me. The ideal solution will also have parity information so the photo can be recovered.

Photo bit rot of archived photos is a big concern of mine.

Thanks. Jake.

by dynamite00401 on 17. July 2013 - 0:43  (109321)

HashTab v5.1.0.23 works well for me. I am a firm believer in checking the integrity of my downloads. It was necessary for me to give an email address to http://www.implbits.com/Products/HashTab.aspx at which time they sent me a download link. Thanks

by Joe A.TT on 17. July 2013 - 19:17  (109346)

I downloaded HashTab from Softpedia and didn't have to give an email address. I'm just mentioning this for the benefit of anyone who doesn't want to give out their email address.

by dynamite00401 on 17. July 2013 - 21:54  (109349)

Thanks so much. Anyone who wants to download HashTab without giving an email can certainly do so here:

http://www.softpedia.com/get/System/File-Management/HashTab.shtml

by Paxmilitaris on 19. February 2013 - 2:40  (105530)

I checked the Best Portable Applications before posting here.

What is the best portable hash utility?

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.