The checksum is like a fingerprint for the file. A file is processed through a known algorithm which results in the checksum, a.k.a “hash”, which is a string of letters and numbers unique to that file, e.g.
If the file is modified, the resulting checksum will be different. This allows a quick way to ensure a file has not be modified.
Often when a webpage includes a link to download a file, the checksum will also be listed. This gives the downloader a way to confirm they downloaded the intended file (not a malicious modified version instead).
There are different algorithms that can be used to determine a checksum. Currently, the
SHA-512 are the most popular algorithm to use. Some older and less secure algorithms include
From the command line, we can find the checksum for a file with the following commands:
shasum -a 256 <filename>
shasum -a 256 myfile.zip
shasum -a 512 <filename>
shasum -a 512 myfile.zip
shasum -a 1 <filename> or shasum <filename>
shasum -a 1 myfile.zip or shasum myfile.zip