Article

Hashing in Linux: sha256sum & md5sum Made Simple

6 min read

Linux terminal showing sha256sum and md5sum hashing a file

Introduction: Built-in Hashing in Linux

One of the quiet conveniences of Linux is that you never need to install anything to compute a file's hash. Every mainstream distribution ships with a small family of command-line tools — sha256sum, md5sum, sha1sum, sha512sum and b2sum — all part of GNU coreutils. A hash is a fixed-length fingerprint of a file's contents: change a single byte and the hash changes completely, which makes it the standard way to confirm a download is intact or that a file has not been altered. This guide walks through hashing in Linux with sha256sum and its siblings, from a single file to whole folders and verifiable checksum files. If you are on Windows instead, see our companion guide on how to hash files on Windows.

sha256sum: Hashing a File (and Many at Once)

The workhorse is sha256sum. Point it at a file and it prints the 64-character SHA-256 hash followed by the file name: 

$ sha256sum ubuntu.iso
e3b0c44298fc1c149afbf4c8996fb924...  ubuntu.iso

Hashing several files is just as easy — list them all, or use a glob, and you get one line per file: 

$ sha256sum report.pdf invoice.xlsx photo.jpg
$ sha256sum *.log

That single, repeatable line of output is exactly what you compare against a value published by a software vendor or recorded earlier in an audit.

md5sum and sha1sum: Fast, but Know the Limits

md5sum and sha1sum work identically — same syntax, shorter and faster hashes: 

$ md5sum backup.tar.gz
$ sha1sum backup.tar.gz

A word of caution. For catching accidental corruption — a download that dropped a byte, a disk that flipped a bit — MD5 and SHA-1 are completely fine and pleasantly quick. For security, though, both are broken: researchers can craft two different files with the same MD5 or SHA-1 hash, so a matching digest no longer proves a file was not deliberately swapped. Whenever the check has to withstand a motivated attacker, reach for sha256sum or stronger.

Generating and Verifying a Checksum File

The real power of these tools is the checksum file. Redirect the output to a file to record the hash, then verify it any time later with the -c (check) flag: 

# record the hash
$ sha256sum ubuntu.iso > ubuntu.iso.sha256

# verify it later
$ sha256sum -c ubuntu.iso.sha256
ubuntu.iso: OK

An OK means the file is byte-for-byte identical to when you recorded it; a FAILED means it changed. The same -c pattern works with md5sum -c, sha1sum -c and sha512sum -c. This is precisely the workflow behind verifying a download — see how to verify an ISO file hash before installing.

Hashing Many Files or a Whole Folder

To fingerprint an entire directory tree, pair find with sha256sum. This records a hash for every file under the current folder, recursively, into one checksum file: 

# hash every file in the tree
$ find . -type f -exec sha256sum {} \; > checksums.sha256

# verify the whole tree at once
$ sha256sum -c checksums.sha256

That gives you a single, portable manifest you can ship alongside a dataset so the recipient can confirm nothing drifted in transit. Our file hash verification page explains the broader idea of comparing recorded hashes against live ones.

Stronger and Faster: sha512sum and b2sum

Two more tools round out the set. sha512sum produces a longer, even more collision-resistant digest and is often faster than SHA-256 on modern 64-bit CPUs. b2sum computes a BLAKE2 hash, a modern algorithm that is both secure and very fast: 

$ sha512sum bigfile.bin
$ b2sum bigfile.bin

All of them accept the same -c verification flag, so the record-then-check workflow is identical regardless of which algorithm you choose.

The Windows Equivalent: certutil or e-Dex

Moving the same habits to Windows? The built-in command is certutil: 

C:\> certutil -hashfile ubuntu.iso SHA256

It works, but it is clunky for hashing many files or verifying a checksum file. For a friendlier experience that hashes files, compares them against recorded values and even produces a shareable integrity certificate — all fully offline on your own machine — the Windows equivalent is e-Dex, the Digital Evidence Integrity Suite. It computes MD5, SHA-1, SHA-256, SHA-512 and BLAKE3 side by side, mirroring the Linux toolset in a single window.

Frequently Asked Questions

How do I hash a file in Linux with sha256sum?
Open a terminal and run sha256sum filename. The command prints the 64-character SHA-256 hash followed by the file name. sha256sum is part of GNU coreutils and is pre-installed on virtually every Linux distribution, so there is nothing to download. You can pass several file names at once to hash them all in a single command.

Are MD5 and SHA-1 still safe to use?
For checking that a file was not accidentally corrupted in transit or storage, md5sum and sha1sum are perfectly fine and very fast. For security — proving a file was not deliberately tampered with — both MD5 and SHA-1 are considered broken because attackers can engineer collisions. Use sha256sum, sha512sum or b2sum whenever the integrity check has to resist a motivated adversary.

How do I verify a checksum file in Linux?
If you have a checksum file such as file.sha256, run sha256sum -c file.sha256. The command recomputes the hash of each listed file and prints OK when it matches or FAILED when it does not. The same pattern works with md5sum -c, sha1sum -c and sha512sum -c against their respective checksum files.

How do I hash every file in a folder in Linux?
Combine find with sha256sum: find . -type f -exec sha256sum {} \; > checksums.sha256 walks the current directory recursively and records a SHA-256 hash for every file. You can later verify the whole tree at once with sha256sum -c checksums.sha256.

What is the Windows equivalent of sha256sum?
On Windows you can use the built-in certutil command — certutil -hashfile filename SHA256 — to compute a hash from the command line. For a friendlier graphical option that hashes files, verifies them and produces a shareable integrity certificate offline, e-Dex (the Digital Evidence Integrity Suite) is a free Windows equivalent.

Conclusion

Hashing in Linux is refreshingly simple: sha256sum for everyday integrity, md5sum and sha1sum for quick accidental-corruption checks, sha512sum and b2sum when you want extra strength or speed, and the -c flag to turn any of them into a repeatable verification. Record a checksum once and you can prove a file is unchanged forever after. On Windows, get the same power with a friendly interface and a shareable certificate using e-Dex — try the free hash tool and start verifying your files with confidence.