Checksum / File Hash
A calculated value derived from a file's contents — used to verify the file has not been corrupted or tampered with during transfer.
Last updated
What Is a Checksum?
A checksum (also called a file hash or digest) is a fixed-length string of characters calculated from a file's contents using a mathematical algorithm. Even a single changed bit in the file produces a completely different checksum — this property makes checksums an extremely reliable way to verify file integrity.
How Checksums Verify File Integrity
- The original file creator calculates a checksum and publishes it alongside the download
- You download the file and calculate the checksum yourself
- If both checksums match, the file was downloaded without any corruption or tampering
- If they differ, the file was modified — either corrupted during transfer or tampered with
Common Hash Algorithms
| Algorithm | Output Length | Status |
|---|---|---|
| MD5 | 128-bit (32 hex chars) | Not secure for cryptography; fine for integrity checks |
| SHA-1 | 160-bit (40 hex chars) | Deprecated for security; still used for integrity |
| SHA-256 | 256-bit (64 hex chars) | Current standard — recommended |
| SHA-512 | 512-bit (128 hex chars) | Higher security margin; same concept |
How to Check a File Hash
Windows (PowerShell):
Get-FileHash filename.zip -Algorithm SHA256
macOS / Linux:
shasum -a 256 filename.zip
Compare the output to the published hash. They must match exactly — even one different character means the file is different.
Why This Matters for Downloads
When downloading large files (OS images, software installers, archives), always verify the SHA-256 hash if published. A mismatch means:
- The download was corrupted mid-transfer (retry the download)
- The file was modified by a third party (do not use it — download from the official source)