Developers use hashes to verify that a download wasn't tampered with, confirm a payload matches a signature, and check that two files are byte-identical. Getting a quick, trustworthy hash without installing a CLI or pasting sensitive data into a sketchy site is surprisingly handy — especially when the whole thing runs locally.
This workflow covers the hashing tasks developers hit most: generate a checksum to compare against a published one, compute HMAC signatures for API auth, and pick the right algorithm for the job.
The workflow
1
Generate a checksum
Compute an MD5 or SHA-256 hash of a string or file contents to compare against a published value.
2
Compare against the source
Match your hash to the vendor's published checksum to confirm integrity.
3
Compute HMAC signatures
Generate an HMAC with a shared secret for API request signing or webhook verification.
4
Choose the right algorithm
Use SHA-256 for security-sensitive checks and reserve MD5 for non-security dedup or legacy comparisons.