Are you wondering what a checksum is? You may have noticed that when you download files from certain websites, they contain a very long string of numbers and letters called a checksum, MD5 or SHA-1 checksum, etc. These really long strings basically act like fingerprints fingers for that particular file, regardless of whether they are it to be EXE, ISO, ZIP, etc.
Checksums are used to ensure the integrity of a file after it has been transferred from one storage device to another. It can be over the Internet or just between two computers on the same network. In any case, if you want to make sure that the transferred file is exactly the same as the original, you can use the checksum.
The checksum is calculated using a hash function and is usually published along with the download. To check the integrity of the file, the user calculates the checksum using a checksum calculator program and then compares them to make sure they match.
Checksums are used not only to ensure smooth transmission, but also to ensure that the file has not been modified. With a good checksum algorithm, even a small change in the file will result in a completely different checksum value.
The most common checksums are MD5 and SHA-1, but both vulnerabilities have been found. This means that malicious tampering could result in two different files having the same computed hash. Because of these security concerns, the new SHA-2 is considered the best cryptographic hash function since no attacks against it have been demonstrated to date.
As you can see in the screenshot above, the ISO file I’m trying to download from Microsoft has a SHA1 checksum. After downloading the file, I would use a checksum calculator to check the integrity of the file.
99.9% of the time, you really don’t need to worry about checksums when downloading files from the Internet. However, if you’re downloading something confidential like antivirus or privacy software like Tor, it’s probably a good idea to check the checksum because hackers can create malware-infected versions of critical software to gain full access to the system.
There are many different utilities for calculating checksums, and I will only mention one or two here as the good ones can generate multiple hashes for you, and can also check hashes.
MD5 & SHA checksum utility
MD5 & SHA Checksum utility is my favorite utility for working with checksums because it has all the features I need in the free version. Once downloaded, just run the EXE file to open the program.
The interface is very simple and user-friendly. Just click the Browse button to select a file and hashes will be automatically calculated for MD5, SHA-1, SHA-256 and SHA-512.
As you can see, the MD5 hash is the shortest and the SHA-512 hash is very long. The longer the hash, the more secure it is.
To check the hash, just copy and paste it into the Hash field at the very bottom. Click “Confirm” and it will compare it with the four generated hashes to see if there are any matches.
Online checksum calculator
For those who prefer not to load any software on their systems, an online checksum calculator would be the best choice. Online calculators have more limitations, mostly the maximum upload size, but for smaller files they work fine.
Defuse has a free file checksum calculator for downloads up to 5MB. It’s pretty tiny, so for anything larger, you’ll need either a desktop app or the following online tool mentioned below.
If 5 MB is too small, try OnlineMD5, another free site that allows you to generate checksums for files up to 4 GB in size. It apparently does this without downloading the actual file to its servers. I don’t know how it works, but it looks like the algorithm just runs locally on your system and then just displays in the browser. This is a pretty sane way to do it because you don’t need to download additional software and you don’t have to wait indefinitely for a large file to download.
This site is also very good because you can check the checksum in addition to calculating it. Hopefully you now have a better understanding of what a checksum is and how it can be used and calculated. If you are sending or receiving secure files, the checksum is the best way for both parties to verify the integrity of those files. If you have any questions, please leave a comment. Enjoy!