- Hashes or checksums allow you to verify the integrity of files, disks, and transmitted data, acting as a unique digital fingerprint.
- Modern algorithms such as SHA-256, SHA-3, or BLAKE2 are recommended over MD5 and SHA-1, which are now considered unsafe due to practical collisions.
- Windows, Linux macOS and include native tools (CertUtil, Get-FileHash, shasum, md5sum, sha256sum) to generate and verify hashes without installing extra programs.
- There are numerous graphical utilities and online services for managing hashes, but for sensitive files it is preferable to use local tools and official sources.
When we download an ISO of an operating system, a program installer, or any large file, we assume that it is intact and untouchedHowever, errors can occur during the download, or worse, someone could have replaced the original file with a malicious version without our knowledge. It is a good practice to digital hygiene.
To avoid surprises, cybersecurity has been using for decades the following checksums or hashesThey're like a file's digital fingerprint: if that fingerprint changes, the file is no longer the same. And the best part is that Windows, Linux, and macOS have very simple tools to generate and verify these hashes without needing to install anything (although there are also very user-friendly graphical programs).
What is a hash, checksum, or verification sum?
A hash (or checksum) is the result of applying a unidirectional mathematical function to a block of data: a file, a text, even an entire disk. That function returns a fixed-length character string (for example, 128, 160, 256, or 512 bits) that uniquely represents that content.
If we take a file and calculate its hash, we will get something like this: a435f6f393dda581172490eda9f683c32e495158a780b5a1de422ee77d98e908If we recalculate the hash on the same file without modifying it, the result will be exactly the same. As soon as we change a single bit (a character in a document, a byte in an ISO file…), the hash changes completely.
That's why a hash is often compared to a digital fingerprintIf two files share the same hash, they are considered identical for practical purposes. If the hashes differ, it means the content has changed, either due to corruption during download, a disk failure, or malicious manipulation.
These functions are unidirectional: the original file cannot be directly reconstructed from the hash. Unlike encryption, there is no "decryption key" to return the data; the hash only serves to... verify integrity, not to recover information.
What is the purpose of verifying the hash of a file?
Hash verification is used constantly in computing, often without the user being aware of it. It is a fundamental component for to guarantee integrity, authenticity and, in some scenarios, confidentiality of the data.
The most common use in day-to-day life is to check that a downloaded file (a Linux ISO, the firmware of a router(an executable file…) matches the original provided by the vendor. The developer publishes the official hash (for example, a SHA-256) and we calculate the hash of the downloaded file to check checksumIf both values match, we can assume that There have been no errors or manipulations during download.
Hashes are also used for store passwords securelyInstead of storing the password in plain text, the system stores its hash. When the user authenticates, the hash of the entered password is recalculated and compared to the stored hash. If they match, access is granted. Because these are one-way functions, if someone steals the database, they will only see hashes, not the original passwords.
In forensic analysis and chain of custody, the hash of disks, forensic images, and relevant files is calculated to demonstrate that They have not been altered throughout the entire processState Security Forces and forensic teams use functions such as MD5 and SHA-1 (even knowing their weaknesses) in combination, because they are usually very fast to calculate even in volumes of hundreds of gigabytes.
In secure networks and protocols, hash functions are integrated into mechanisms such as SSL/TLS, SSHIPSec, PGP or HTTPS to ensure that the data being transported is not modified along the way. They are also key in blockchain technology and cryptocurrencies, Bitcoin uses SHA-256 to validate transactions, chain blocks, and maintain the integrity of the entire chain.
Most commonly used types of hash algorithms

There are many different algorithms for generating hashes, with varying lengths and security properties. Not all of them are equally recommended today, because some have proven vulnerable to collision attacks. Different algorithms They have very different uses and performances.
MD5 For years it was king. It generates 128-bit hashes and was used to verify file integrity and protect passwords. The problem is that collisions have been found in practice: it's possible to create two different files that share the same MD5 hash, allowing an attacker to slip altered files in without triggering the verification. That's why It is not considered safe. for cryptographic uses, although it is still used for its speed in forensic or internal control tasks.
SHA-1With 160-bit hashes, it was also very popular for digital signatures and file verification. But the cryptographic community demonstrated real collisions (Google and CWI even generated two PDF with the same SHA-1), so it has also classified as unsafe For serious work. Some legacy systems still use it, but migrating to more robust alternatives is recommended.
The SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) is the current de facto standard. SHA-256 (256 bits) and SHA-512 (512 bits) are the most common. Although they were designed by the NSA, which raises some suspicions within the community, no practical attacks are known to compromise their security as integrity functions. They are the recommended option for Verification of downloadsdigital signatures and secure protocols.
SHA-3 (Based on Keccak) was chosen in a public competition organized by NIST, with designs from outside the NSA. It offers lengths of 224, 256, 384, and 512 bits and an internal structure different from SHA-2, thus providing cryptographic diversity. It is considered very secure and is a modern alternative when we want to avoid relying solely on SHA-2.
BLAKE2 and derivatives like BLAKE3 are more recent algorithms that stand out for combining High security and high performanceBLAKE2b is optimized for 64-bit systems and BLAKE2s for 8- to 32-bit architectures. They are faster than SHA-3 and, in many scenarios, also faster than SHA-2, so they are used in applications that need to process large volumes of data at high speed, including parts of the cryptocurrency ecosystem.
How to break a hash: collisions and other attacks
In theory, hash functions are designed to make it virtually impossible to find two different inputs with the same result (a collision) or to recover the original data from the hash. In practice, there are several types of attacks against hashes which is useful to know, especially in the context of passwords.
The attack of brute force It involves generating hashes of all possible combinations until the one matching the desired value is found. It's very slow if the algorithm is robust and the input is sufficiently long and complex, but it remains viable against short passwords or older algorithms, especially with hardware specialized (GPUs, ASICs…).
The dictionary attacks They exploit lists of common words (dictionaries, leaked passwords, typical patterns) and generate their hashes to compare them with those stolen from a database. This is much more efficient than trying every possible space, which is why using simple passwords, typical phrases, or predictable patterns is so dangerous.
An attack by collision It directly searches for two distinct inputs that produce the same hash. This is what has ruined the reputation of MD5 and SHA-1: if manipulated files can be created that maintain the same hash as the original, we can no longer rely on these algorithms to guarantee integrity. In modern applications, finding collisions in a practical way remains impractical.
The famous rainbow tables They are another approach: hashes of a massive number of possible inputs (for example, all passwords up to a certain size) are pre-calculated and stored, and then matches are searched for. They take up a lot of space and are expensive to generate, but they allow for a drastically faster cracking process if the system does not implement additional security measures.
To defend ourselves, in the context of passwords, techniques such as adding a salt (a random value that is concatenated before hashing) and use specific algorithms for storage of keys (bcrypt, scrypt, Argon2…) that are deliberately slow and memory-intensive, greatly complicating large-scale attacks. If you want to delve deeper into this, consult What is the salt in the hash?.
Generating and verifying hashes in Linux
In Linux we have practically everything we need to work with hashes out of the box. terminalCoreutils utilities cover MD5, SHA-1, SHA-2, and BLAKE2, and we can add support for SHA-3 with an extra package on Debian-based distributions.
To have the basic tools (md5sum, sha1sum, sha256sum, b2sum…), you only need to have the package installed. coreutilswhich comes by default in any reasonably modern distro. If we want commands Specifically for SHA-3, on Debian, Ubuntu and derivatives we can install libdigest-sha3-perl with:
sudo apt install coreutils
sudo apt install libdigest-sha3-perl
Suppose we have a file called geekland.txtTo calculate its MD5 hash we would use:
md5sum geekland.txt
The output will show something like d41d8cd98f00b204e9800998ecf8427e geekland.txtIf we send that file to another person along with the hash, they can verify its integrity with:
echo "d41d8cd98f00b204e9800998ecf8427e geekland.txt" | md5sum --check
If the tool responds with “The sum matches"" means that the file they have is identical to ours. The same pattern applies to the rest of shasum family:
shasum -a 1 geekland.txtfor SHA-1.shasum -a 256 geekland.txtfor SHA-256.shasum -a 512224 geekland.txtfor SHA-512/224.
In all cases, the mode used to check integrity is... –check Combining the expected hash and the filename:
echo "e3b0c4...7852b855 geekland.txt" | shasum -a 256 --check
For SHA-3, with the commented package, we have the command sha3sumFor example, to calculate an SHA3-512 hash on our file:
sha3sum -a 512 geekland.txt
If we want to use BLAKE2, we simply pull b2sum:
b2sum geekland.txt
Verification, as before, is done with --check or with a threw out that combines the hash and the file name.
Verify the hash of an ISO in Linux and macOS
When we download, for example, the image ubuntu-22.04.3-desktop-amd64.iso From the official website, the project usually publishes the corresponding SHA-256 hash alongside it. Let's imagine that the advertised value is
a435f6f393dda581172490eda9f683c32e495158a780b5a1de422ee77d98e909
In Linux we can verify this with:
echo "a435f6f393dda581172490eda9f683c32e495158a780b5a1de422ee77d98e909 ubuntu-22.04.3-desktop-amd64.iso" | shasum -a 256 --check
If the output is “OKWe know the downloaded image matches the official one and can install it with confidence. This same command will work exactly the same on macOS, since shasum It is also available as standard.
Alternatively, on macOS we can use:
shasum -a 256 nombre_del_archivofor SHA-256.md5 nombre_del_archivofor MD5.
Another advanced cross-platform option is to use OpenSSL from the terminal, for example:
openssl sha256 nombre_del_archivo
Graphical interface tools for hashes on Linux, Windows, and macOS
Not everyone wants to struggle with the console, and for that there are many options. graphics utilities which greatly facilitate the calculation and verification of hashes, many of them free and cross-platform.
One of the best known is QuickHash GUI, an open source application available for Windows, Linux and macOSFrom a multi-tabbed window, you can calculate hashes of text, individual files, entire directories, physical disks, and even Base64-encoded data. It supports algorithms such as MD5, SHA-1, SHA-2 (SHA-256, SHA-512), SHA-3 (256 bits), BLAKE2B (256 bits), xxHash, and BLAKE3.
The eyelash Text It allows you to input a fragment and obtain its hash on the fly using the chosen algorithm. File We select an individual file to calculate its hashes. Files It processes all the files in a folder (including subdirectories and optionally hidden folders) and displays a list with the generated values.
With Compare Two Files We can compare two files located in different paths: if the hashes match, it will display “MATCH!"; but, "MIS-MATCHSimilarly, Compare Two Folders It compares the contents of two directories based on the hashes of their files, not on the names of the files.
The eyelash Copy It's particularly interesting: it allows you to copy files from one location to another and, at the same time, verify with hashes that the copy was successful. This is very useful when cloning large structures and you want to be sure that nothing has been corrupted in the process.
In the Linux world, we also find tools such as GTKHash, designed as a graphic alternative to md5sum and company. GTKHash calculates MD5, SHA-1, SHA-2, SHA-3, BLAKE2, etc. hashes, and integrates with file managers such as Caja, Nemo or Thunar through extensions (caja-gtkhash, nemo-gtkhash, thunar-gtkhash), which allows you to right-click on a file and obtain its hashes without leaving the browser.
Tools for verifying hashes in Windows (PowerShell, CertUtil and external programs)
Windows has two pre-installed command-line utilities that more than cover basic needs: Get-FileHash (available in PowerShell) and CertUtil (available in cmd or PowerShell). You can See how to check checksums in Windows 11.
From PowerShell, Get-FileHash It quickly calculates the hash of any file. By default, it uses SHA-256, but we can specify other supported algorithms (MD5, SHA-1, SHA-384, SHA-512, etc.) using the parameter -AlgorithmFor example, to obtain the SHA512 of setup.exe:
Get-FileHash -Algorithm SHA512 .\setup.exe
If we prefer to use CertUtilwhose syntax is somewhat older but equally effective, the general form is:
certutil -hashfile Ruta\al\Archivo.ext SHA256
We can replace SHA256 by MD5, SHA1, SHA512 or variations depending on our needs. This tool is very useful for integrating into powershell scripts automation without relying on third-party software. There is also Verify file integrity with Sigcheck as an advanced alternative.
If we want to go a step further and forget about the terminal, there are solutions like OpenHashTabThis adds a "Hashes" tab to the Explorer file properties window. From there, you can see at a glance the MD5, SHA-1, SHA-256, SHA-512 values (and other configurable algorithms), paste a hash provided by the vendor into the "Check against" field and let the program tell you if it matches, or export the results to a text file or to [a specific format]. clipboard.
Another very popular use is Hasher LiteIt works by dragging and dropping: you drop one or more files into its window and it calculates their hash using up to ten different algorithms. It allows you to copy each result to the clipboard, compare it directly with the value you already have copied, process up to 100 files at once in its free version, and export the lists to text.
We also have programs like Hash My Files, multi-hasher, MD5 & SHA Checksum Utility, DeadHash, HashCalc, MD5 Hash Check, Checksum Control, Hash generator or Microsoft's veteran tool IVF (File Checksum Integrity Verifier), all of them focused on calculating and comparing hashes in bulk, integrating with the context menu, and offering support for a wide variety of algorithms.
Calculate the hash of a disk or entire folder
In addition to fingerprinting individual files, there are utilities capable of calculate hashes of entire directories or even entire disksThis is very useful when we want to verify the entire contents of an external drive, a forensic image, or a backup.
A classic tool for this type of task is md5deep (and its successor hashdeep). It allows you to generate MD5 (and other algorithms) checksums of all files contained in a directory or drive, recursively, and save the results to a text file. For example:
md5deep -rel F:\ > F_resultado.md5
In this command, -r indicates recursion, -e can show estimated time, -l prints relative paths, and F: \ That would be the base drive or path. The file F_resultado.md5 It will contain the list of hashes for all the content.
Later we can use md5deep to compare a set of files with a known list of hashes and that it only highlights the ones that don't match. Using the option -X We can detect entries whose hash has changed with respect to the original listing, which is very useful for auditing changes in backups or detecting tampering.
In a graphical environment, utilities such as GizmoHasher QuickHash itself allows you to select drives, folders or collections of files and generate/save their hashes with support for multiple algorithms (MD5, CRC32, SHA-1, SHA-2, etc.), compare them with other lists and visually locate differences.
Online tools for generating hashes: when to use them
There are also web services that allow you to upload a file or enter text and obtain its hash without installing anything on your computer. Websites like File checksums, HTML5 File Hash Online Calculator o Defuse Online Text & File Checksum Calculator They offer support for dozens of algorithms (MD5, SHA-1, SHA-2, SHA-3, CRC32, etc.) and are convenient for quick testing.
The big drawback is obvious: you have to upload the file to an external serverAlthough some services promise not to store data, the general recommendation is to use them only with non-sensitive files (nothing like databases(private documents, mobile backups, etc.). For anything that might contain important information, it's best to stick with the operating system's own local tools.
Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.