How to validate a checksum
Verify that a file you downloaded is exactly what it’s supposed to be — no corruption, no tampering.
What is a checksum? A checksum is a short string of letters and numbers — like a fingerprint for a file. When you download something, the provider gives you the expected checksum. You generate one yourself from the downloaded file and compare the two. If they match exactly, the file is safe and intact.
Step by step
Find the expected checksum
Look on the download page for a string like sha256 or md5 next to a long code — something like 3a4b9f2c…. Copy it and save it somewhere handy. Some sites offer a separate .sha256 or .md5 file to download alongside the main file.
Open a terminal on your computer
Press the Windows key, type PowerShell, and press Enter to open it.
Press Cmd + Space, type Terminal, and press Enter to open it.
Press Ctrl + Alt + T to open a terminal.
Run the checksum command
Type the command for your system, replacing yourfile.zip with the actual filename (you can drag the file into the terminal to paste its path automatically).
This uses SHA-256 by default, the most common type. If you need MD5 instead, use: Get-FileHash yourfile.zip -Algorithm MD5
If the site gives you an MD5 hash instead, use: md5 yourfile.zip
If the site gives you an MD5 hash instead, use: md5sum yourfile.zip
Compare the two checksums
Your terminal will print out a long string. Compare it to the expected checksum from the website — they must be identical, character for character.
3a4b9f2c8d1e7f60a5b2c9d4e8f1a3b7
3a4b9f2c8d1e7f60a5b2c9d4e8f1a3b7
Both checksums are identical. Your file arrived intact and has not been altered.
3a4b9f2c8d1e7f60a5b2c9d4e8f1a3b7
3a4b9f2c8d1e7f60a5b2c9d4e8f1c0d2
Even one character difference means something is wrong. Delete the file and download it again from the official source.
Tip: Checksums are case-insensitive — 3A4B and 3a4b are the same. But every other character must match. Copy and paste rather than typing by hand to avoid mistakes.
Which algorithm? The download page usually tells you — look for “SHA-256”, “SHA-1”, or “MD5” next to the hash. SHA-256 is the most common and most secure. If you’re unsure, try SHA-256 first.