Are you wondering what a checksum is? You may have noticed that when you download files from certain websites, they have a very long string of numbers and letters called a checksum or MD5 checksum or SHA-1, etc. These really long strings basically act as fingerprints for that particular file, whether it be an EXE, ISO, ZIP, etc.
Checksums are used to ensure the integrity of a file after it has been transmitted from one storage device to another. This can be across the Internet or simply between two computers on the same network. Either way, if you want to ensure that the transmitted file is exactly the same as the source file, you can use a checksum.
The checksum is calculated using a hash function and is normally posted along with the download. To verify the integrity of the file, a user calculates the checksum using a checksum calculator program and then compares the two to make sure they match.
Checksums are used not only to ensure a corrupt-free transmission, but also to ensure that the file has not been tampered with. When a good checksum algorithm is used, even a tiny change to the file will result in a completely different checksum value.
The most common checksums are MD5 and SHA-1, but both have been found to have vulnerabilities. This means that malicious tampering can lead to two different files having the same computed hash. Due to these security concerns, the newer SHA-2 is considered the best cryptographic hash function since no attack has been demonstrated on it as of yet.
About 99.9% of the time, you really don’t need to care or worry about checksums when downloading files off the Internet. However, if you are downloading something sensitive like anti-virus or privacy software like Tor, it’s probably a good idea to verify the checksum because hackers can create malware-infested versions of critical software in order to gain full access to a system.
Windows has in-built checksum utility and it is very easy to use:
1 |
certutil -hashfile pathToFileToCheck MD5 |
It can also calculate for MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512
Download Microsoft File Checksum Integrity Verifier
The MD5 & SHA Checksum Utility is my favorite utility for working with checksums because it has all the features I need in the free version.