You’ve downloaded a file from a website, and you want to make sure it hasn’t been tampered with.
The site provides something like:
SHA256: 0c9d19f5ab9e8a7d5c2e...
But what does that mean? And how do you use it?
Let’s walk through how file hashes work — and how to verify them step by step.
✅ 1. What is a file hash?
A file hash is a digital fingerprint of a file.
It’s created using an algorithm (like SHA256 or MD5) and:
- Changes completely if the file is altered — even slightly
- Helps you confirm that your download is genuine and unmodified
✅ 2. Where to find hashes
Developers often publish them next to the download button:
- SHA256 or SHA1 (preferred)
- Sometimes MD5 (less secure, but still used)
✅ If there’s no hash listed, that’s a red flag for high-risk software.
✅ 3. How to check a hash on Windows
Method 1 – PowerShell
This shows SHA256 by default.
Method 2 – Use a free tool
- QuickHash GUI (Windows/Linux/macOS)
Drag the file into the app → Compare the displayed hash with the one from the website.
✅ 4. How to check on macOS
Using Terminal:
or for MD5:
✅ Copy the hash and compare manually.
✅ 5. What if hashes don’t match?
If the hashes are different:
- The file may be corrupt
- It may have been tampered with
- It’s not the official version
⚠️ In that case — do not open or install the file. Re-download from the original site.
Key points to remember
- File hashes confirm the authenticity and integrity of downloads
- Use SHA256 when possible — MD5 is older and less secure
- Compare downloaded hash values with those listed on trusted sites
- If they don’t match, don’t install the file
- Hash verification = peace of mind