diff --git a/internal/backend/utils.go b/internal/backend/utils.go
index 7d319402c..64af705ac 100644
--- a/internal/backend/utils.go
+++ b/internal/backend/utils.go
@@ -3,14 +3,33 @@ package backend
 import (
 	"bytes"
 	"context"
+	"encoding/hex"
 	"fmt"
 	"io"
 
+	"github.com/minio/sha256-simd"
+
 	"github.com/restic/restic/internal/debug"
 	"github.com/restic/restic/internal/errors"
 	"github.com/restic/restic/internal/restic"
 )
 
+func verifyContentMatchesName(s string, data []byte) (bool, error) {
+	if len(s) != hex.EncodedLen(sha256.Size) {
+		return false, fmt.Errorf("invalid length for ID: %q", s)
+	}
+
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		return false, fmt.Errorf("invalid ID: %s", err)
+	}
+	var id [sha256.Size]byte
+	copy(id[:], b)
+
+	hashed := sha256.Sum256(data)
+	return id == hashed, nil
+}
+
 // LoadAll reads all data stored in the backend for the handle into the given
 // buffer, which is truncated. If the buffer is not large enough or nil, a new
 // one is allocated.
@@ -29,8 +48,7 @@ func LoadAll(ctx context.Context, buf []byte, be restic.Backend, h restic.Handle
 		// the second time, then it  is likely corrupted at the backend. Return the data
 		// to the caller in that case to let it decide what to do with the data.
 		if !retriedInvalidData && h.Type != restic.ConfigFile {
-			id, err := restic.ParseID(h.Name)
-			if err == nil && !restic.Hash(buf).Equal(id) {
+			if matches, err := verifyContentMatchesName(h.Name, buf); err == nil && !matches {
 				debug.Log("retry loading broken blob %v", h)
 				retriedInvalidData = true
 				return errors.Errorf("loadAll(%v): invalid data returned", h)