We all come across hundreds of files every day, either on our personal or our office computers. While such files aren’t critical for our computers, there are some files, like executables, Windows update setup files, which are critical to our computer systems, and if they are tampered in any way, while downloading or in any other way, that can lead to the installer to not work, or can even make our systems start malfunctioning. The same goes for our document files sometimes as well, as there can be many naughty guys, who can tamper the files before it finally reaches us. I have already covered digital signatures, which can help you know the authenticity of a document, and you can read that here.
But just in case, the sender doesn’t sign the document digitally, there are other recipes to check the authenticity of a document or any digital file you might come across. You can calculate the checksum of a file, and then compare it with the original checksum of the file to ensure, the file you got is genuine or has not been tampered in any way. You cannot obviously calculate the checksum of a file, the way you carry out complex mathematical calculations orally, but you will have to use some computer program to calculate the checksums of the files in the world of computers or in the digital world.
So I will discuss how a checksum is generated, and then, how you can find the checksum of a file on your computer.
How checksums are generated?
What is Checksums?
A checksum is an alpha-numeric code, which is unique to a file, and the slightest change in the file will change the complete checksum all together. If you have two text files, for example, having the same content, with one of them having an exclamation mark (!) instead of a period (.), the complete checksum will be different for the two files.
The size of the checksum though will always be the same, no matter whether the file is 1 KB or 4 GB in size. The checksum of a file is generated using a plethora of cryptographic algorithms, and a few of the most-used algorithms are SHA-1, SHA-2, SHA-3, SHA-256, SHA-512, MD5, etc. Needless to say, the checksum of the same file will vary depending upon the cryptographic algorithm you are using.
If you come across a file online, and the checksum for the file is revealed to you by the source, the algorithm used to generate the checksum should also be there in conjugation with that. Thus, while you yourself calculate the checksum, make sure you are using the same cryptographic algorithm to make sure the file isn’t corrupted.
How reliable are the checksums?
Just like you feel satisfied after seeing your pet’s delightful face; after a toiling day at the office, you should be equally satisfied if the calculated checksum matches the one that is sent to you from the authentic source of the file. Yes, checksums are that reliable. But hey, wait! Checksums can be misleading at times, so don’t stop reading here.
Security researchers have found out flaws in the SHA-1 and MD5 cryptographic functions, where two different files resulted in the same checksum or hash. Thus, SHA-1 or MD5 hashing functions result in collisions, and hackers sometimes exploit this vulnerability to offer similar looking files with the same checksum or hash, making you believe, you have got the original file. But that only happens once in a blue moon, so you better don’t worry so much. Thus no, SHA-1 or MD5 hashing functions aren’t cent percent reliable, to say the least.
But, SHA-256 and SHA-512 on the other hand, have never resulted such situations till date, and thus, most applications today calculate at least the SHA-256 checksum to verify the integrity of files in the digital world.
How to find checksum of files on Windows using the command?
Irrespective of the platform you are on, or the operating system you are using, there are native tools to find the checksum of the files. Nevertheless, you can even rely on third-party tools to calculate the checksums and to avail more options. Just compare the calculated checksum with the original one to ensure, you have the genuine file.
On Windows, open Windows PowerShell by hitting the ‘Windows + X’ key combination, or by right-clicking on the start menu, and then ‘Windows PowerShell’ from the menu.
Now type in the following command without the quotes.
Get-FileHash ‘Path’ -Algorithm ‘algorithm name’
For example, I have a file with the name ubuntu-18.04.2-desktop-amd64.iso on my C drive, and I want to calculate the SHA-1 hash or checksum of the file. So my command should look somewhat like this.
Get-FileHash C:\Downloads\ubuntu-18.04.2-desktop-amd64.iso -Algorithm SHA1
The ‘-Algorithm’ is an optional argument, and you can run the command without keeping that extra argument. Without the ‘-Algorithm’ argument, the SHA-256 of the file will be calculated, which certainly is more reliable, and I have already discussed the reason behind it.
Depending upon the size of the file, and the power of your CPU, it can take a few minutes for the completion of the process.
Just compare it with the checksum of the original file, calculated using the same algorithm to ensure, the file is intact from the source.
How to find checksum on Windows 10/8/7 graphically?
1. If you don’t want to go through the hassles of using the command line on PowerShell, you can even use some GUI tools to find the checksum of a file.
2. Just download HashTab on your Windows computer and install it.
3. After the installation is complete, just right-click on a file, and click on ‘Properties’.
4. Here tap on the ‘File Hashes’ Tab to find the checksum of the selected file.
5. HashTab can calculate the checksum of the input file through a number of different algorithms. Just click on ‘Settings’ to find the other algorithms.
6. Just mark the hashes or checksums you want to see, and finally click on ‘OK’.
sha256 checksum Linux command line
1. On Linux as well, you can calculate the checksum of a file directly from the ‘Terminal’.
2. Just open your command terminal, and type in the following command without the quotes to find the SHA-256 on Linux based operating systems.
For example, if your file with the name abc.txt is located in the current working directory, just type in the following command.
You can even use the GtkHash (see: how to use it on Ubuntu) utility for Linux to find the checksum of a file on Linux through GUI if you aren’t that comfortable on the Terminal or command line.
That was all about checksums. Hope the information was helpful for you. Do you still have any questions in your mind? Feel free to comment the same down below.
Other Useful Resources: