CleanorLabs
Support
Reference

SHA-256 Checksum

A SHA-256 checksum is a 256-bit (32-byte) fingerprint produced by the SHA-2 hash function. Running it over a file's bytes yields a fixed 64-character hex string that changes completely if any byte changes, so two files with the same SHA-256 are byte-for-byte identical in practice.

APIs & internalsGeneral

SHA-256 Checksum

Also known as: sha256 hash, file integrity sha256

A SHA-256 checksum is a 256-bit (32-byte) fingerprint produced by the SHA-2 hash function. Running it over a file's bytes yields a fixed 64-character hex string that changes completely if any byte changes, so two files with the same SHA-256 are byte-for-byte identical in practice.

  • A SHA-256 digest is always 256 bits, shown as 64 hexadecimal characters.
  • SHA-256 is part of the SHA-2 family standardized in NIST FIPS 180-4.
  • No SHA-256 collision has ever been found, so matching digests indicate identical files.

How it works

SHA-256 is one member of the SHA-2 family standardized by NIST in FIPS 180-4. It reads a file as a stream of bytes, pads the data to a multiple of 512 bits, and processes it in 512-bit blocks through 64 rounds of bitwise and modular-addition operations.

The output is always 256 bits regardless of input size, written as a 64-character hexadecimal digest. A one-bit change to the input flips roughly half the output bits on average, a property called the avalanche effect.

SHA-256 is a cryptographic hash: it is deterministic, one-way, and collision-resistant, meaning no two different inputs producing the same digest have ever been found.

Why a cleaner uses it

To find exact duplicates, a cleaner compares content rather than file names or dates. Hashing every file to a SHA-256 digest turns that comparison into a fast string match: identical digests mean identical bytes.

Because SHA-256 is collision-resistant, a digest match is treated as a confirmed duplicate, unlike weaker MD5 checksums where deliberate collisions exist. To save work, many tools hash only candidates that already share the same file size before computing the full SHA-256.

Related terms

Keep reading the reference.

APIs & internalsMD5 ChecksumAn MD5 checksum is a 128-bit value computed from a file's exact bytes. Two byte-identical files always produce the same MD5, while changing a single byte produces a completely different value, making it a fast way to detect exact-duplicate files.GeneralAPIs & internalsPerceptual HashA perceptual hash (pHash) is a compact fingerprint, usually a 64-bit value, computed from an image's visual structure rather than its raw bytes. Unlike cryptographic hashes, two images that look alike produce similar hashes, so small edits, resizes, or re-compressions change only a few bits.GeneralPrivacy & securityHashingHashing turns any input into a fixed-length string of characters using a one-way function — you cannot reverse a hash back into the original data. It is used to store passwords safely, verify files have not changed, and detect duplicates.GeneralPhotos & videoDuplicate photosDuplicate photos are exact or near-exact copies of the same image — created by saving a photo twice, importing from multiple sources, or editing and re-saving. They are low-risk to remove because an identical copy remains.iOSAndroidGeneral

Act on it

Guides and tools for this topic.

Clean up phone storage