Hash Inspector
Hash Inspector computes SHA-256, SHA-384, and SHA-512 for pasted text or a selected file using browser cryptography APIs. It is intended for quick integrity checks, advisory preparation, release-note verification, and local evidence handling where moving material through a remote hash service would be inappropriate.
The tool intentionally omits MD5 and SHA-1. Those algorithms remain useful in some legacy file-identification contexts, but publishing them as first-class outputs risks suggesting they are appropriate for integrity assurance. If legacy hash comparison is needed later, it should be added behind clear labeling and not mixed with the default cryptographic digest set.
Operational Notes
Hash Inspector reads selected files only after the browser receives explicit user input. For file hashing, the browser must read the file into memory before calculating a digest. The page therefore enforces a size limit and presents the limit as part of the interface rather than attempting to hide browser constraints.
Digest output can be copied directly into a report, release record, or tool manifest. For formal release artifacts, pair the digest with the artifact name, version, platform, signature status, and publication date so reviewers can verify that the hash refers to the intended file.
Data Handling
- Text input remains in page memory.
- Selected files are read only after explicit user selection.
- No network request is made by this component.
- No local storage, session storage, IndexedDB, or server storage is used by this component.
- File hashing is intentionally size-limited because browser digest APIs require whole-buffer input.
Boundary
Hash Inspector is a convenience utility, not a malware scanner, evidence vault, provenance proof, notarization service, or chain-of-custody system. A digest can show that two byte sequences match; it does not establish who produced the file, whether the file is benign, or whether the file was handled according to an evidence procedure.