A Crash Reading of Checksums

David E Lares S
2 min read · Feb 9, 2024

Have you heard of checksums, or noticed, in the downloads you make every day, that little code shown near a "Download" button or somewhere around it? That code is there for a reason: it is a formal way to verify the integrity of files, as simple as that.

A checksum is a numeric value computed for a block of data, and it's relatively unique. Comparing it is considered a good security practice: it lets you check that the file you are using or manipulating is the legitimate one that came from the developers of the software.

If you download a file, perform a checksum comparison and notice that the two codes are not equal, the downloaded file may be corrupted in some way. For hackers, such a file can be a good way to get into your system without you suspecting it.

This checksum code is mostly present on ISO files or specific software.

It’s quite easy to generate one: the sha1sum command (or the command for whatever hashing type was set) runs the math algorithm against the file and returns the checksum value for you to compare.

In Unix-based systems, we have the sha1sum command:

sha1sum <yourfile>

The output of this command represents all the data in the file as a single value. If it matches, you can virtually guarantee that the data is the same in the public version and in your local version, where the public version is the copy at the download source (Internet) and the local version is the one you downloaded.

You can also play with other types of hashing, such as sha256sum or sha512sum:

sha256sum <yourfile>

That’s it.

After this, check your downloads' checksums and compare them.
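
One way to script the comparison described above, so the two values are not compared by eye. This is an added example, not code from the original article; the function name verify_checksum and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# verify_checksum FILE EXPECTED_HEX  (hypothetical helper, not from the article)
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_checksum() {
    file=$1
    # Published digests may be upper-case or carry stray whitespace.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    case $expected in
        ''|*[!0-9a-f]*) echo "not a hex digest" >&2; return 2 ;;
    esac
    # Pick the tool from the digest length (hex characters).
    case ${#expected} in
        40)  tool=sha1sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unrecognised digest length ${#expected}" >&2; return 2 ;;
    esac
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi

    # Hash via stdin so the output is "<digest>  -" whatever the file is called.
    actual=$("$tool" < "$file" | cut -d ' ' -f 1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches ($tool)"
        return 0
    fi
    echo "MISMATCH: $file ($tool)" >&2
    echo "  published: $expected" >&2
    echo "  local:     $actual" >&2
    return 1
}

# Constructed sample: a six-byte file and its SHA-256 written in upper case.
sample=$(mktemp)
printf 'hello\n' > "$sample"
verify_checksum "$sample" 5891B5B522D5DF086D0FF0B110FBD9D21BB4FC7163AF34D08286A2E846F6BE03
rm -f "$sample"
```

The non-zero return code on a mismatch lets a download script stop before the file is ever opened or installed.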
