What Is a Cryptographic Checksum? How to Verify the Checksum of a Downloaded File?


With an average of 97 cybercrime victims per hour, ensuring the integrity and authenticity of files is becoming crucial, especially when downloading software or any other online documents.

How can one verify the integrity of a file? By checksum! But what is a checksum, and how can the checksum of a downloaded file be verified?

Read on to find out!

What Is a Cryptographic Checksum?

A cryptographic checksum is typically a short string of letters and numbers generated by a cryptographic algorithm from a file’s contents. Often referred to as a hash value or hash code, it is for practical purposes unique to the file, just like a human fingerprint. A minor change in the file’s content will produce a completely different checksum.

Common Cryptographic Hash Functions Used to Generate Checksums:

  • MD5 (Message Digest Algorithm 5)
  • SHA-1 (Secure Hash Algorithm 1)
  • SHA-256 (Secure Hash Algorithm 256-bit)

Each algorithm generates a checksum of a different length (128-bit for MD5, 160-bit for SHA-1, and 256-bit for SHA-256). Among them, SHA-256 is considered one of the most secure and is widely used, while MD5 is the least secure: attackers can easily craft different files that share the same MD5 checksum.

How to Verify the Checksum of a Downloaded File?

Verifying the checksum of a downloaded file is a straightforward process. Below, we’ll explain how you can verify the MD5, SHA-1, and SHA-256 checksums.

First, we’ll start with the most secure version, i.e., SHA-256.

How To Verify An SHA-256 Checksum?

Step 1) Type “PowerShell” in the Windows Start menu command box to open Windows PowerShell.

Step 2) Type “Get-FileHash” followed by a space and the path of the file. You can also drag and drop the downloaded zip file onto the Windows PowerShell window to fill in the path automatically.

Step 3) Press Enter to run the command.

Step 4) The output will display the algorithm name and the hash value (Get-FileHash uses SHA-256 when no algorithm is specified). Compare the hash value published by the source of the file with the calculated hash value.

If they match, you’re good to go; if they don’t, the file might be corrupted or compromised.

How To Verify An SHA-1 Checksum?

Step 1) Ensure you have the SHA-1 checksum provided by the source of the file.

Step 2) Open the Command Prompt by pressing “Win + R” and typing “cmd”.

Step 3) Use the “certutil” Command. It is preinstalled in Windows 7 and later versions to handle all the hashing needs.

Step 4) Execute the below command: certutil -hashfile path/to/file SHA1

Step 5) Replace the path/to/file with the full path to your downloaded file.

Step 6) The command will output the SHA-1 checksum of the file. Compare this with the provided checksum. If they match, the file is unaltered.  

How To Verify An MD5 Checksum?

Step 1) Ensure you have the MD5 checksum provided by the source of the file.

Step 2) Open the Command Prompt by pressing “Win + R” and typing “cmd”.

Step 3) Use the “certutil” Command. It is preinstalled in Windows 7 and later versions to handle all of the hashing needs.

Step 4) Execute the below command: certutil -hashfile path/to/file MD5

Step 5) Replace the path/to/file with the full path to your downloaded file.

Step 6) The command will output the MD5 checksum of the file. Compare this with the provided checksum.  
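
The comparison step of the three procedures above can be scripted instead of done by eye. The following is an added example, not code from the original article: the function name Test-FileChecksum, the temporary file name and the sample "published" value are assumptions made for illustration. It picks MD5, SHA-1 or SHA-256 from the length of the expected checksum and uses Get-FileHash for all three.

```powershell
# Added example: compare a file's hash with the checksum published by its source.
function Test-FileChecksum {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    # Published checksums are often copied with spaces, line breaks or mixed case.
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]+$') {
        throw "Expected checksum is not a hexadecimal string."
    }
    # Pick the algorithm from the digest length: 128, 160 or 256 bits written in hex.
    $algorithm = switch ($want.Length) {
        32 { 'MD5' }
        40 { 'SHA1' }
        64 { 'SHA256' }
        default { throw "Unsupported checksum length: $($want.Length) hex characters." }
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash
    [pscustomobject]@{
        Algorithm = $algorithm
        Expected  = $want
        Actual    = $actual
        Match     = ($actual -eq $want)
    }
}

# Constructed sample: a temporary file containing the five ASCII bytes "hello".
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'checksum-demo.bin'
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('hello'))

# SHA-256 of "hello", standing in for the checksum a download page would publish.
$published = '2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824'
Test-FileChecksum -Path $sample -Expected $published

# Change a single byte ("hello" -> "hellp") and check against the same published value.
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('hellp'))
Test-FileChecksum -Path $sample -Expected $published

Remove-Item -LiteralPath $sample
```

For a real download, pass the file's path and the checksum copied from the source's website, and treat a Match value of False as a reason not to open the file.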


Verifying the checksum of a downloaded file is relatively easy. The procedure takes only a few minutes and can save you from potential cyberattacks.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.