Checking MD5 SHA1 etc hashes to verify files

You may have noticed that websites are now offering “checksums” beside their downloads. The most common ones are MD5 and SHA1. What are these things you ask?

Well, they’re like digital fingerprints. Once you have a file ready to distribute you can run it through a hash generator to create its unique fingerprint.  If even one character in the file is changed, you can find a huge difference

 For example


compared to


 And that big difference is due to me changing JUST ONE “0” to a “1”. That’s it, otherwise, it was the same file.

 There are many good programs to check your file’s digital finger print, but I use which I found through Download and install it or use your own checker.

 So let’s run through the process of checking md5s/hashes.

 I’ll be downloading Xampp for windows from Apache Friends.

Xampp md5 screenshot

You’ll see that when you mouse over the md5 and sha1 it will display the fingerprint value.

Select your download, click it and leave this page open.

Once it’s downloaded open up the checker.

md5 checker

Click browse and locate your downloaded file.

Your checker will automatically generate all the hashes like below. 

auto generated hashes

At this point you can do one of two things.

You can either enter the correct hash in the bottom box or you can eyeball it.

Doing it the sure way

If you enter the hash in the box below and it matches you’ll get:

 hash matched

If it doesn’t match you’ll get a Hash Does not match! Error like below.

 no match

Eyeballing it

Now the second way is not as “secure” but it’s pretty dang close. Eyeballing it involves looking at the first 6ish numbers and the last 6ish numbers between the website and the checker. If both sets match, then you can be really sure that they are the same file. Because as I showed earlier, if even one number is changed the fingerprint is completely different.

 That’s pretty much it.

What steps do you take to ensure that the files you download are the right files?  Do you ever wonder if you’re going to download a virus when downloading?


2 responses to “Checking MD5 SHA1 etc hashes to verify files”

Leave a Reply

Your email address will not be published.