A checksum is also sometimes called a hash sum and less often a hash value, hash code, or simply a hash.

A Simple Checksum Example

The idea of a checksum or a cryptographic hash function might seem complicated and not possibly worth the effort, but we’d like to convince you otherwise! Checksums really aren’t that hard to understand or create. Let’s start with a simple example, hopefully showcasing the power of checksums to prove something has changed. The MD5 checksum for the following phrase is a long string of characters that represent that sentence. For our purposes here, they essentially equal each other. However, making even a slight change, like removing just the period, will produce a completely different checksum. As you can see, even a minuscule change in the file will produce a vastly different checksum, making it very clear that one does not equal the other.

Checksum Use Case

Let’s say you download a big software update, like a service pack. This is probably a huge file, taking several minutes or more to download. Once downloaded, how do you know that the file was received properly? What if a few bits were dropped during the transfer and the file you have on your computer right now isn’t exactly what was intended? Applying an update to a program that isn’t exactly the way the developer created it is likely to cause you big problems. This is where comparing checksums can put your mind at ease. Assuming the website you downloaded the file from provides the checksum data alongside the file to be downloaded, you can then use a checksum calculator (see “Checksum Calculators” below) to produce a checksum from your downloaded file. For example, say the website provides the checksum MD5:5a828ca5302b19ae8c7a66149f3e1e98 for the file you downloaded. You then use your own checksum calculator to produce a checksum using the same cryptographic hash function, MD5 in this example, on the file on your computer. Do the checksums match? Great! You can be very confident that the two files are identical. Do the checksums not match? This can mean anything from the fact that someone has replaced the download with something malicious without you knowing, to a reason less sinister like that you opened and changed the file, or the network connection was interrupted and the file didn’t finish downloading. Try downloading the file again and then create a new checksum on the new file, and then compare again. Checksums are also useful for verifying that a file you downloaded from somewhere other than the original source is, in fact, a valid file and hasn’t been altered, maliciously or otherwise, from the original. Just compare the hash you create with the one available from the file’s source.

Checksum Calculators

Checksum calculators are the tools used to compute checksums. There are plenty of them out there, each supporting a different set of cryptographic hash functions. One great free option is ​Microsoft File Checksum Integrity Verifier, called FCIV for short. It supports only the MD5 and SHA-1 cryptographic hash functions, but these are by far the most popular right now. See our piece on how to verify file integrity in Windows with FCIV for a complete tutorial. Microsoft File Checksum Integrity Verifier is a command-line program, but is very easy to use. You can also use the certutil program built-in to Windows. This is also a command-line tool, but it’s equally easy to use it to validate the MD5 checksum of files. That article also describes how to do the same on Linux with md5sum. Another excellent free checksum calculator for Windows is IgorWare Hasher, and it’s completely portable, so you don’t have to install anything (but you will need a RAR file opener to unpack the program). If you’re not comfortable with command-line tools, this tool is probably a better choice. It supports MD5 and SHA-1, as well as CRC32. You can use it to find the checksum of text and files. JDigest is an open source checksum calculator that works in Windows as well as on macOS and Linux.