diff --git a/Cargo.lock b/Cargo.lock
index b162703ad5..dd143dc3ce 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -342,7 +342,16 @@ dependencies = [
  "block-padding",
  "byte-tools",
  "byteorder",
- "generic-array",
+ "generic-array 0.12.3",
+]
+
+[[package]]
+name = "block-buffer"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
+dependencies = [
+ "generic-array 0.14.2",
 ]
 
 [[package]]
@@ -614,6 +623,12 @@ version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b3a71ab494c0b5b860bdc8407ae08978052417070c2ced38573a9157ad75b8ac"
 
+[[package]]
+name = "cpuid-bool"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d375c433320f6c5057ae04a04376eef4d04ce2801448cf8863a78da99107be4"
+
 [[package]]
 name = "crc32fast"
 version = "1.2.0"
@@ -869,7 +884,16 @@ version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5"
 dependencies = [
- "generic-array",
+ "generic-array 0.12.3",
+]
+
+[[package]]
+name = "digest"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
+dependencies = [
+ "generic-array 0.14.2",
 ]
 
 [[package]]
@@ -1409,6 +1433,16 @@ dependencies = [
  "typenum",
 ]
 
+[[package]]
+name = "generic-array"
+version = "0.14.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac746a5f3bbfdadd6106868134545e684693d54d9d44f6e9588a7d54af0bf980"
+dependencies = [
+ "typenum",
+ "version_check 0.9.1",
+]
+
 [[package]]
 name = "gethostname"
 version = "0.2.1"
@@ -2498,6 +2532,7 @@ dependencies = [
  "serde_json",
  "serde_urlencoded",
  "serde_yaml",
+ "sha2",
  "shellexpand",
  "starship",
  "strip-ansi-escapes",
@@ -2949,6 +2984,12 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c"
 
+[[package]]
+name = "opaque-debug"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
+
 [[package]]
 name = "open"
 version = "1.4.0"
@@ -3845,10 +3886,23 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df"
 dependencies = [
- "block-buffer",
- "digest",
+ "block-buffer 0.7.3",
+ "digest 0.8.1",
  "fake-simd",
- "opaque-debug",
+ "opaque-debug 0.2.3",
+]
+
+[[package]]
+name = "sha2"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2933378ddfeda7ea26f48c555bdad8bb446bf8a3d17832dc83e380d444cfb8c1"
+dependencies = [
+ "block-buffer 0.9.0",
+ "cfg-if",
+ "cpuid-bool",
+ "digest 0.9.0",
+ "opaque-debug 0.3.0",
 ]
 
 [[package]]
diff --git a/crates/nu-cli/Cargo.toml b/crates/nu-cli/Cargo.toml
index c2bc38df22..2cc7206b2c 100644
--- a/crates/nu-cli/Cargo.toml
+++ b/crates/nu-cli/Cargo.toml
@@ -75,6 +75,7 @@ serde_ini = "0.2.0"
 serde_json = "1.0.53"
 serde_urlencoded = "0.6.1"
 serde_yaml = "0.8"
+sha2 = "0.9.1"
 shellexpand = "2.0.0"
 strip-ansi-escapes = "0.1.0"
 tempfile = "3.1.0"
diff --git a/crates/nu-cli/src/commands/autoenv.rs b/crates/nu-cli/src/commands/autoenv.rs
index ac1fcac699..bc91506ed4 100644
--- a/crates/nu-cli/src/commands/autoenv.rs
+++ b/crates/nu-cli/src/commands/autoenv.rs
@@ -11,7 +11,7 @@ pub struct Autoenv;
 
 #[derive(Deserialize, Serialize, Debug, Default)]
 pub struct Trusted {
-    pub files: IndexMap<String, String>,
+    pub files: IndexMap<String, Vec<u8>>,
 }
 impl Trusted {
     pub fn new() -> Self {
diff --git a/crates/nu-cli/src/commands/autoenv_trust.rs b/crates/nu-cli/src/commands/autoenv_trust.rs
index 421e977d70..3b13e13e92 100644
--- a/crates/nu-cli/src/commands/autoenv_trust.rs
+++ b/crates/nu-cli/src/commands/autoenv_trust.rs
@@ -4,8 +4,9 @@ use crate::{path, prelude::*};
 use nu_errors::ShellError;
 use nu_protocol::SyntaxShape;
 use nu_protocol::{Primitive, ReturnSuccess, Signature, UntaggedValue, Value};
-use std::hash::{Hash, Hasher};
-use std::{collections::hash_map::DefaultHasher, fs, path::PathBuf};
+use std::{fs, path::PathBuf};
+
+use sha2::{Digest, Sha256};
 pub struct AutoenvTrust;
 
 #[async_trait]
@@ -45,20 +46,14 @@ impl WholeStreamCommand for AutoenvTrust {
             }
         };
 
-        let content = std::fs::read_to_string(&file_to_trust).or_else(|_| {
-            Err(ShellError::untagged_runtime_error(
-                "No .nu-env file in the given directory",
-            ))
-        })?;
+        let content = std::fs::read(&file_to_trust)?;
 
-        let mut hasher = DefaultHasher::new();
-        content.hash(&mut hasher);
-
-        let file_to_trust = file_to_trust.to_string_lossy().to_string();
+        let filename = file_to_trust.to_string_lossy().to_string();
         let mut allowed = Trusted::read_trusted()?;
-        allowed
-            .files
-            .insert(file_to_trust, hasher.finish().to_string());
+        allowed.files.insert(
+            filename,
+            Sha256::digest(&content).as_slice().to_vec()
+        );
 
         let config_path = config::default_path_for(&Some(PathBuf::from("nu-env.toml")))?;
         let tomlstr = toml::to_string(&allowed).or_else(|_| {
diff --git a/crates/nu-cli/src/env/directory_specific_environment.rs b/crates/nu-cli/src/env/directory_specific_environment.rs
index 745a830841..62995fa0f6 100644
--- a/crates/nu-cli/src/env/directory_specific_environment.rs
+++ b/crates/nu-cli/src/env/directory_specific_environment.rs
@@ -2,11 +2,10 @@ use crate::commands::{self, autoenv::Trusted};
 use commands::autoenv;
 use indexmap::{IndexMap, IndexSet};
 use nu_errors::ShellError;
+use sha2::{Digest, Sha256};
 use std::{
-    collections::hash_map::DefaultHasher,
     ffi::OsString,
     fmt::Debug,
-    hash::{Hash, Hasher},
     path::{Path, PathBuf},
 };
 
@@ -34,13 +33,14 @@ impl DirectorySpecificEnvironment {
 
     fn toml_if_directory_is_trusted(&self, wdirenv: &PathBuf) -> Result<toml::Value, ShellError> {
         if let Some(trusted) = &self.trusted {
-            let content = std::fs::read_to_string(&wdirenv)?;
-            let mut hasher = DefaultHasher::new();
-            content.hash(&mut hasher);
+            let content = std::fs::read(&wdirenv)?;
 
             if trusted.files.get(wdirenv.to_str().unwrap_or(""))
-                == Some(&hasher.finish().to_string())
+                == Some(&Sha256::digest(&content).as_slice().to_vec())
             {
+                let content = std::str::from_utf8(&content.as_slice()).or_else(|_| {
+                    Err(ShellError::untagged_runtime_error(format!("Could not read {:?} as utf8 string", content)))
+                })?;
                 return Ok(content.parse::<toml::Value>().or_else(|_| {
                     Err(ShellError::untagged_runtime_error(format!(
                         "Could not parse {:?}. Is it well-formed?",