What is a Checksum?

Checksum Examples, Use Cases, and Calculators


What is a Checksum?

A checksum is the outcome of running an algorithm, called a cryptographic hash function, on a piece of data, usually a single file. Comparing the checksum that you generate from your version of the file with the one provided by the source of the file helps ensure that your copy of the file is genuine and error-free. A checksum is also sometimes called a hash sum and, less often, a hash value, hash code, or simply a hash.

A Simple Checksum Example

The idea of a checksum or a cryptographic hash function might seem complicated and possibly not worth the effort, but I'd like to convince you otherwise! Checksums really aren't that hard to understand or create.

Let's start with a simple example, hopefully showcasing the power of checksums to prove that something has changed: The MD5 checksum for the phrase "This is a test." is 120EA8A25E5D487BF68B5F7096440019. It's a long string of characters that represents that sentence.

For our purposes here, they essentially equal each other. But making even a slight change, like removing just the period, produces the completely different checksum of CE114E4501D2F4E2DCEA3E17B546F339.

As you can see, even a minuscule change in the file will produce a vastly different checksum, making it very clear that one is not like the other.

Checksum Use Case

Let's say you download a big update, like a service pack, to a program you use every day, such as a graphics editor.

This is probably a really big file, taking several minutes or more to download.

Once downloaded, how do you know that the file downloaded properly? What if a few bits were dropped during the download and the file you have on your computer right now isn't exactly what was intended? Applying an update to a program that isn't exactly the way the developer created it is likely to cause you big problems.

This is where comparing checksums can put your mind at ease. Assuming the website you downloaded the file from provides the checksum data alongside the file to be downloaded, you can then use a checksum calculator to produce a checksum from your downloaded file.

For example, say the website provides the checksum MD5:5a828ca5302b19ae8c7a66149f3e1e98 for the file you downloaded. You then use your own checksum calculator (see Checksum Calculators below) to produce a checksum using the same cryptographic hash function, MD5 in this example, on the file on your computer. Do the checksums match? Great! You can be very confident that the two files are identical.

Do the checksums not match? This can mean anything from someone having replaced the download with something malicious without you knowing, to a less sinister reason, such as that you opened and changed the file, or that the network connection was interrupted and the file didn't finish downloading. Try downloading the file again, create a new checksum on the new file, and then compare again.

Checksums are also useful for verifying that a file you downloaded from somewhere other than the original source is in fact a valid file and hasn't been altered, maliciously or otherwise, from the original.

Just compare the hash you create with the one available from the file's source.
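The comparison described in this section can be scripted. The following is an added example, not part of the original article: it reads a published value in the `MD5:<hex>` form shown above, hashes the local file with the same function, and compares the two. The function names and the sample file are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_checksum(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large download never has to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_published(published):
    """Split 'MD5:5a82...' into ('md5', '5a82...'); reject malformed values."""
    algorithm, sep, hex_digest = published.strip().partition(":")
    algorithm = algorithm.lower().replace("-", "")  # 'SHA-1' -> 'sha1'
    hex_digest = hex_digest.strip().lower()         # sites publish either case
    if not sep or algorithm not in hashlib.algorithms_available:
        raise ValueError(f"unsupported or missing algorithm: {published!r}")
    expected_len = hashlib.new(algorithm).digest_size * 2
    if len(hex_digest) != expected_len or set(hex_digest) - set("0123456789abcdef"):
        raise ValueError(f"not a valid {algorithm} digest: {published!r}")
    return algorithm, hex_digest

def verify_file(path, published):
    """True only if the file hashes to the published checksum."""
    algorithm, expected = parse_published(published)
    return file_checksum(path, algorithm) == expected

def demo():
    # Constructed sample: the article's test phrase stands in for a download.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "update.bin")
        with open(path, "wb") as fh:
            fh.write(b"This is a test")
        published = "MD5:CE114E4501D2F4E2DCEA3E17B546F339"  # quoted in the article
        intact = verify_file(path, published)
        with open(path, "ab") as fh:
            fh.write(b".")  # simulate a one-byte change to the file
        altered = verify_file(path, published)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

Because the algorithm is read from the prefix, a publisher's `SHA-256:` value is checked the same way. That is preferable where offered, since practical collisions are known for MD5 and SHA-1.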

Checksum Calculators

Checksum calculators are the tools used to compute checksums. There are plenty of checksum calculators out there, each supporting a different set of cryptographic hash functions.

My favorite free checksum calculator is Microsoft File Checksum Integrity Verifier, called fciv for short. Fciv supports only the MD5 and SHA-1 cryptographic hash functions, but these are by far the most popular right now.

See How to Verify File Integrity in Windows with FCIV for a complete tutorial. Microsoft File Checksum Integrity Verifier is a command-line program but is very easy to use.

Another excellent free checksum calculator for Windows is eXpress CheckSum Calculator, often abbreviated XCSC. If you're not comfortable with command-line tools, XCSC is probably a better choice. It supports MD5 and SHA-1, as well as CRC32. JDigest is an open-source checksum calculator that works in Windows as well as on macOS and Linux.

Note: Since not all checksum calculators support all possible cryptographic hash functions, be sure that any checksum calculator you choose to use supports the hash function that produced the checksum that accompanies the file you're downloading.
