If you’ve been around for a while in the world of computers and, why not, even cybersecurity, you may have heard the term checksum thrown around here and there, even in casual “How have you been” conversations. That’s mainly because checksums are still a reliable way to assess whether or not a batch of data or a single item corresponds to certain parameters or has suffered various modifications.
If you’ve ever downloaded open-source materials from various websites, you might’ve noticed that some of them had this checksum value proudly displayed on the website, most likely accompanied by a message telling you to see if the checksum of your downloaded file matches the one on the website. If that piece of advice and that cryptic string of seemingly random alphanumeric characters confused you, we’re going to shed some light on this for you in just a bit.
What is a checksum?
In technical terms, a checksum is merely a small block of data that are derived from another block of data in order to serve a simple, yet important purpose: to perform checks and detect if any errors have been slithering within the data during storage or transmission. In other words, it’s a tiny indicator that lets us know if the original data has suffered any modifications.
It’s quite important to mention that this checksum doesn’t just happen, as it’s actually created through an operation called a checksum function. However, you may also encounter it in the form of a checksum algorithm, just so you know. An algorithm’s design can vary, but as a rule of thumb, an effective checksum algorithm should output a significantly different value (checksum) even for the slightest changes made in the input, regardless of the type of document or data.
What is checksum used for?
Most often, the small data blocks (checksums) are used to perform data integrity checks on various files, as we’ve briefly explained earlier, during the introductory part of our article. For instance, if a developer creates a program, it can also generate a checksum and display it on its website, so that you can also check the document’s checksum once you download it on your PC and see if it matches the original value.
If the checksum of the current file (or data input) is not the same as the stored value of the previously computed checksum, that’s a definitive sign that the input has been tampered with in some way. If the checksum of the current data input matches the one that’s been previously computed (for instance, when the data set was first generated), then it’s very probable that the data didn’t suffer any modification or corruption, whether by accident or on purpose.
Different types of checksum
As with cryptography algorithms, checksum algorithms can be of various types, and each of them can be more suitable for a specific purpose than its counterparts. We’re going to list the most common types of checksum algorithms and tell you a bit more about each one of them, so you can grasp the concept in a more effective manner.
If you’re not exactly tech-savvy or you don’t enjoy technical mumbo jumbo, we suggest you skip these few sections that explain the most commonly used forms of checksum algorithms and head directly to our instructions on how you can use checksums to validate files.
Parity word or parity byte
We’re starting with the simplest checksum algorithm, which is better known as the longitudinal parity check. The way this algorithm works is by splitting the data into words that have a fixed number of bits (n) and then calculating the “exclusive or” (XOR) of all the words it just processed. The result of this computation is added to the message as an extra word.
In order to check the integrity of a message, the receiving party computes the “exclusive or” (XOR) of all the words, checksum included and checks whether or not the result is a word consisting of (n) zeros. If it is, everything is a-OK, but if not, it’ll know an error has occurred somewhere during the transmission.
Although it’s the simplest checksum algorithm, it’s not exactly the most efficient one. The parity word/byte algorithm will successfully detect an incorrect checksum if any transmission error occurs in such a fashion that it affects either a single bit of the input or an odd number of bits.
However, if the bits are located at the same position in two distinct words and the error affects them, the algorithm won’t detect an error, misleading you into believing that everything is alright, when in fact, it’s not. The same scenario can occur if you swap two or more words; the algorithm won’t detect an error, which could be quite dangerous.
There’s a third scenario where you can choose the affected bits randomly. In this case, the probability that a two-bit error will be detected is 1/n (n = the fixed number of bits we’ve mentioned above).
As you’d expect, due to the fact that it’s flawed, there was an attempt to perfect the algorithm mentioned and described above, so the sum complement algorithm was designed. Unlike the parity check algorithm, the sum complement added all the “words” as binary, unsigned numbers, all the while discarding every overflow bit, as well as adding the two’s total complement as the checksum.
In order to validate a message, the receiving party needs to add all the words just like the longitudinal parity check algorithm does, also including the checksum. If the resulting string is not a word that is full of zeros, it’s a strong indicator that a transmission error has occurred at some point. However, this algorithm can too, detect only single-bit errors. However, the SAE J1708 uses the promodular sum.
The position-dependent checksum algorithm aimed to fix the flaws of both functions described above since they’re not exactly able to detect many common errors that can occur on more than one bit. Some examples of these common errors include inserting or removing words with all bits set to zero, as well as changing the order of data words.
As a result, a checksum algorithm design was created to bypass these limitations and inform about these types of errors accurately. The way this algorithm works is given away by its very name: position-dependent. Thus, this algorithm checks not only the value of each word in the input but its position in the sequence, as well. Seeing that there is more than one parameter taken into consideration, the position-dependent checksum function increases the checksum computing costs.
A few examples of position-dependent checksum algorithms are Adler-32, cyclic redundancy checks (CRCs), and Fletcher’s checksum.
This type of checksum algorithm was developed as an efficient way to detect email spam. The way this function works is by generating cooperative databases coming from several ISPs. These databases comprised emails that were either suspicious or reported as being spam.
However, since the content of each spam mail can be wildly different than the next one, it would render classic checksum algorithms and checks ineffective and therefore not worth using. In turn, using a fuzzy checksum algorithm can reduce the body of a mail to a minimum, then compute a checksum as usual.
The reason why this technique works is that it increases the chance that emails that are slightly different will generate the exact same checksum. At the time being, there are some centralized services (DCC, for instance) that receive submissions from cooperating ISPs checksums of all emails detected by their spam detection software.
There’s a certain threshold that the count of a submitted fuzzy checksum must not exceed. If it does, then the database marks the submission as potential spam.
How to use file checksum?
If you’re serious about your computer’s security and understand the dangers of haphazardly downloading files left and right from shady websites, then you might want to use the checksum to verify the integrity of your files before downloading or copying them anywhere they may be able to do some damage.
Here’s a grim reminder that virtually any source can be compromised, and a cleverly disguised attack could trick you into believing you’ve actually downloaded the file from a trusted, official source. Therefore, making sure that you’ve really downloaded the right file is paramount to your PC’s security.
Unfortunately, Windows doesn’t come with a GUI checksum utility, so you’ll either have to stick with its CMD tool or download a third-party tool that has a user-friendly interface. We recommend you go with the latter, especially if you have no previous experience in data integrity verifications, checksums, and using any data integrity tools.
For this article, we’re going to use IrfanView, a popular freeware image viewer that you may have heard of, or you already have installed and ready on your PC. Anyway, head to the IrfanView download page and notice that under each version you can download from the official website there’s an additional line that may look a bit like gibberish if you’ve never seen something like it before.
The line should look something like this:
(SHA-256 checksum: 6a67f079f8036a30e9e13fd9baecf0d37da18106050880a3f12845e445f8786f)
Make note of it and just leave it like that for the moment. We’re going to get back to it during our brief instructional guide in just a few moments. For now, just download any version of IrfanView you want, but make sure to note the weird-looking line below the download link.
1. Using certutil
- Download IrfanView
- Press the Win + R key combination on your keyboard
- Type CMD and hit the Enter button on your keyboard
- In CMD, use CD to reach the folder you’ve downloaded IrfanView to
- Type the following command, but replace FILE with the file you want to perform the integrity check on (including its extension) and HASH with the algorithm specified by the developer (in our case it’s SHA256)
certutil -hashfile FILE HASH
- Hit the Enter key on your keyboard
- Check if the two checksums are identical
If there’s an error, it’s very unlikely that the two checksums (the official one and the one you’ve calculated with certutil) will be almost identical. As we’ve mentioned above, any change in the input file should generate a totally different checksum which should be immediately obvious. However, stranger things have happened, and you’re definitely better safe than sorry, so you should check it to see if your checksum is EXACTLY like the one on the website.
If the two checksums are identical, congratulations! You have a file with 100% integrity, meaning that you’ve downloaded a copy of the exact same file as the website is currently hosting and it should be safe to store it on your PC or install it if appliable. On to the next one.
Note that certutil works with several hash algorithms other than SHA256, including MD2, MD4, MD5, SHA1, SHA384, and SHA512. Therefore, you should feel free to change the hash type to the one that the official file owner/creator is using, if it’s different than SHA256.
2. Using MD5 Checksum Tool
MD5 Checksum Tool is a free software solution that was developed to help you calculate file hashes without having any previous experience with similar programs or being skilled in the art of operating a PC. You just install the program, feed it a file and let it do all the heavy lifting.
Furthermore, the program has some additional features, including batch file processing, so you can check the integrity of multiple files at the same time, multiple hash algorithm support, and a component that lets you compare a file against a checksum without even having to look at them.
Of course, you can replace the MD5 Checksum Tool with any other third-party tool that you see fit for this job, but we’ve found this one and are pretty fond of it. So if you want to stick with our recommended tool, you may want to find a working version of this program from a trusted source and take the following steps:
- Download MD5 Checksum Tool on your computer
- Run the installer executable you just downloaded
- Follow the on-screen instructions and prompts to install the app on your PC
- Launch MD5 Checksum Tool
- Click the … button that’s next to the file box
- Navigate to the folder where you’ve downloaded IrfanView on your PC
- Double-click the IrfanView installer executable to load it in MD5 Checksum Tool
- Click the Hash button
- Notice that all the fields have been populated with strings of characters
- Check the appropriate hash from the list against the one displayed on the IrfanView website
If you just don’t want to spend time checking that each character in your hash matches the checksum displayed on the website, MD5 Checksum Tool offers you a way easier way to perform this tedious operation. However, you should know that this technique only works for MD5 hashes, so it won’t work in our case. Just follow these steps to successfully compare a file against a known checksum:
- Launch MD5 Checksum Tool
- Navigate to the Compare tool
- In the second (lower) field, press the … button
- Navigate to the location where you saved the file you want to check
- Double-click the file to load it in MD5 Checksum Tool
- Copy the known MD5 hash in the field below
- Hit the Compare button
If the file you loaded has a different MD5 hash than the one you pasted in the field below, MD5 Checksum Tool will be kind enough to let you know. It’s also a pretty good sign that you’re using a different version of the file, possibly one that’s been tampered with, and not in a fun way.
It’s worth mentioning that MD5 Checksum Tool allows you to compare two files to each other in the same fashion. However, instead of using the second section of the Compare tab, you should use the first section, the one that comes with two fields where you can load files.
Once both files are locked and loaded, you should hit the Compare button (the upper one). If your files are identical, the MD5 Checksum Tool will let you know, and will also notify you if their checksum is different.
As you can see, MD5 Checksum Tool, much like many other similar third-party checksum utilities that come with a GUI (Graphical User Interface), offers you a user-friendly, streamlined way to verify the integrity of files on your PC. However, it’s also limited in some regards. For instance, you can’t compare a file to an SHA-256 checksum, so you might have to improvise.
3. Using FCIV
Although you can easily use the certutil CMD utility we’ve described above, you may want to know that Microsoft also released another CMD utility called FCIV, which is short for File Checksum Integrity Verifier. The name of this tool (the long-form) pretty much hits the nail on the head, so you know exactly what it will do before you even use it.
Even though it’s a CMD tool that’s been developed and released by Microsoft, FCIV is not available by default on any version of Windows, so you’ll pretty much have to install it and download it by yourself before getting started. It’s worth mentioning that the tool is probably obsolete, and was designed to work on older versions of the Windows operating system, such as Windows 2000, XP, and Windows Server 2003. Also, the latest version of FCIV was released in December 2004, which is a pretty long time ago.
However, if you’ve decided that you’ll do everything it takes to find, download, and install FCIV on your PC, then by all means do it and come back here once you’ve set it up and you’re ready to use it. We’d direct you to an official Microsoft link, but it doesn’t seem to work anymore, so you’re kind of on your own for this one. Ready? Now here’s how you can use FCIV to check the integrity of your files in no time:
- Hit the Win + R key combination on your keyboard
- Type CMD and hit Enter
- In CMD, type the following command, but replace FILENAME with the actual file you want to check (including the extension):
fciv.exe -both FILENAME
- Hit the Enter key on your keyboard
If you did everything correctly, you should see two hashes for the file you’ve scanned: an MD5, and an SHA-1 one. See, that’s precisely the problem with using FCIV, and why almost nobody uses it anymore, because it’s almost obsolete and only supports MD5 and SHA-1 as its algorithms. Long story short, you’d be way better off using the MD5 Checksum Tool we’ve discussed about above or the certutil tool we’ve described before it.
If you’ve ever used Mac, you’re probably aware of its terminal and know exactly what it’s capable of and how you can use it to your advantage. Well, not if you’ve been using Mac for its straightforwardness and user-friendliness, but just to keep it short and friendly, Mac has a console that’s similar to the CMD and calls it simply Terminal.
1. Using Terminal
The Terminal can help you in a huge variety of ways, as it’s absolutely packed with various tools you can use, and even if it doesn’t include it by default, there’s probably someone who figured out a way to sideload it or provided Mac users with a better alternative. Anyway, the Terminal has a built-in tool that you can use to generate a checksum, which you can compare to the already existing one.
That being said, we’re going to describe a few steps that you can follow if you want to verify the checksum of a file on your Mac. Note that for this demonstration we used IrfanView’s installer executable, since it also offers a checksum right below its download link, making it easy to take note of. Other developers (Ubuntu is one fine example) offer the checksum in a separate text document that you can open and check the value after downloading it. Don’t worry, it’s the same technology, it only involves a bunch of extra steps.
So, naturally, the first thing you’d want to do is download the IrfanView installer executable on your computer (or another file that you already have the checksum for).
- On your Mac, click the magnifying glass icon (top-right)
- Type terminal in the designated search field
- Select the Terminal option from the list of results (should be the first result)
- Use the cd (change directory) command in Terminal to navigate to the folder where you downloaded your file (cd Downloads if you saved it in the Downloads folder)
- Once you’re in the folder where you saved the file, type the following command in the Terminal, but replace HASH with the hash type (in our case it’s 256) and FILENAME with the name of the file, including its extension (ours is iview457_x64_setup.exe)
shasum -a HASH FILENAME
- Your command should look something like
shasum - a 256 iview457_x64_setup.exe
- Check the next line of your Terminal window for the checksum (it should be displayed there)
- Compare the checksum from the Terminal window to the known one (such as the one from IrfanView’s website if you used our example)
Mac’s Terminal supports several hash algorithms, making it possible for you to work with more than just one option. We’re going to list the algorithms you can use to calculate checksums as well as the commands you have to type in the Terminal for them to work. As usual, make sure to replace FILENAME with the actual file of the document you’re calculating the checksum for (including its extension).
shasum -a 1 FILENAME
shasum -a 256 FILENAME
shasum -a 384 FILENAME
shasum -a 512 FILENAME
As we’ve carefully explained before, if the checksum value that you calculated using the Terminal is different than the one on the official website, or the one you’ve downloaded in a separate text document (Ubuntu does that, for instance), then the file you downloaded has been tampered with or has become corrupted at some point during the transmission.
Sometimes downloads can yield corrupted files, especially if the download process has been interrupted. Although some hosts support pausing and resuming downloads, sometimes doing that can result in a corrupted or broken file, which inevitably leads to a different checksum. Just to be sure, you can try to download the file again and see if its checksum is still different.
Of course, it could also happen that the entity that published the file updated it (for instance, publishing a new version of a program) and forgot to post the new checksum, leading you to believe that the content has been tampered with or it’s become corrupted, when, in fact, it hasn’t.
2. Using third-party apps
If you’re not a huge fan of the Terminal and/or simply don’t feel comfortable giving one-line commands to your expensive Mac, then you’d perhaps feel more comfortable using the Mac App Store to find a third-party utility that also offers you a GUI and is generally not as confusing as the Terminal. One such app we were able to locate is called simply Checksum Utility and can be bought at the time being for only $1.99.
After you pay for the app, just download and install it on your device through the Mac App Store, and launch it. You’ll notice that it comes with a quite simplistic interface, and a lot of the information you can find in those sections could be quite confusing, but bear with us. The purpose of the app is not to do any modifications to your device, but to inform you of the integrity of files on your storage media.
According to the official product page on the Mac App Store, you can use Checksum Utility to see if your backup file is working by comparing original documents with their backups, compare files with their older checksums to see if your HDD is damaged, and compare important files with their duplicates to check if your RAM didn’t become corrupted.
Unlike Mac’s Terminal, Checksum Utility supports many more checksum algorithms, thus offering you plenty of elbow room as far as hash type flexibility is concerned. The following algorithms are supported: CRC 32, MD5, SHA 1, MD2, MD4, SHA 2: SHA 224, SHA 256, SHA 384, and SHA 512. Furthermore, you can use the app to save the calculated checksum as a .checksum file for further usage or reference.
You can do so much more with Checksum Utility than with standard Terminal commands, such as compare a .checksum file, a file in your storage, and a checksum value that you input manually, in any combination. If you already have a checksum but have no idea what algorithm it was created with, Checksum Utility can help you identify it easily.
On the downside, Checksum Utility is not able to calculate and compare the checksums of all the files contained within a folder, so you’ll only be able to calculate and compare single checksums. However, if you’d rather want the option to calculate and compare checksums in bulk, you can find a Checksum Folders app in the Mac App Store.
All things considered, Checksum Utility is not only easier to use and (possibly) less confusing than the Mac Terminal, but it also offers you a plethora of additional features, such as checksum comparison (by file, by .checksum file, and by manual input in any combination), an algorithm identification tool, and the possibility to save a calculated checksum as a .checksum file on your device.
If you’re a seasoned Linux user, you probably already know everything about checksums, how they work, and how to calculate the checksum by yourself. However, in the event that you’re just starting out and recently discovered that Linux is all about Terminal commands, you may need the following few sections to learn how you can calculate and compare checksums on your Linux PC without breaking a sweat or growing increasingly frustrated.
As you may expect, Linux relies quite a lot on its Command Line Interface (CLI) to help you perform certain tasks, and although it does have plenty of GUI-based apps you can choose from (either built-in tools or ones that you can download separately), you’ll find out that CLI is simply better, and GUI is quite limited. For the sake of it, we’ll show you how to calculate a checksum by using both the Terminal and a third-party tool.
It’s worth mentioning that these instructions and the third-party tools were designed to work on the Ubuntu operating system. Although they might work on different Linux operating systems, there’s a good chance they might not, as different OS have different sets of instructions.
If you’re determined to embrace Linux in its purest form, then you’ll have to master the Terminal, as it is one of the most powerful tools you may ever encounter on this operating system. Some even say that using the Linux terminal feels like when you used to play computer games back in the day and summoned a console where you could input cheat codes that made you invulnerable and granted you ungodly powers. They wouldn’t be wrong.
Truth be told, if you get past the fact that the Terminal lets you do just about everything on your computer and doesn’t have as many failsafes as, say, Windows, which doesn’t allow you to delete essential OS files or format partitions where Windows is installed, it’s quite easy to work with this console. As a rule of thumb, don’t ever try running a Terminal command if you’re not 100% that you understand and acknowledge what it will do.
The first thing you need to learn is that Linux comes with a different command for each checksum algorithm, but once you get the hang of them, they’re quite easy to remember and, dare we say, intuitive. We’ve listed each command below, as well as the algorithm it supports, so you can check them out before we get started properly.
- MD5 – md5sum – used to calculate MD5 checksums
- SHA-1 – sha1sum – used to calculate SHA-1 checksums
- SHA-256 – sha256sum – used to calculate SHA-256 checksums
- SHA-224 – sha224sum – used to calculate SHA-224 checksums
- SHA-384 – sha384sum – used to calculate SHA-384 checksums
- SHA-512 – sha512sum – used to calculate SHA-512 checksums
If you’ve already familiarized yourself with the different types of hashes that your Linux Terminal can process, it’s time to learn how to calculate a checksum for a file you downloaded. For the sake of keeping things simple, you can download IrfanView, as it allows you to check the official checksum right on the official download page, under each hyperlink. However, feel free to download any file you want for this tutorial, as long as you also have access to the original file’s checksum (not the one you’ll calculate, obviously).
With that in mind, here’s what you have to do in order to calculate a file’s checksum in Linux (Ubuntu) using the Terminal:
- Hit the Win key on your keyboard
- Type terminal
- Select the terminal from the list of results
- Use the CD command to navigate to the folder where you downloaded the file (cd Downloads usually does the trick)
- Type the following command to calculate the checksum of your file, but make sure to replace FILENAME with your actual file name (including its extension)
- The command should look something like
- Note that if your file uses a different hashing algorithm, you can simply use any other of the commands we posted above
Pro tip: you can also use the file explorer (Files) to navigate to the directory where you downloaded your file, then use Shift + Right-click on any empty space inside that directory (not on any icon) and select Open in Terminal from the context menu. This will let you skip using the CD command to navigate to the appropriate directory.
After running the command, you should be able to see the hash displayed in your terminal window, just below your command. Now compare it against the hash of the original file (for example, the checksum displayed on the official download page of your file, or the one included in a text document along with the file you downloaded, if appliable).
If the hashes are identical, good for you, it means that the file hasn’t been tampered with and it hasn’t been corrupted or broken during transmission in any manner. However, if you see any differences, you may want to get rid of the file as soon as possible, as it could’ve been tampered with and might carry dangerous malware that could jeopardize your device’s security.
2. Using a third-party app
We get it, the terminal can be a bit scary, especially if you’ve been coddled by Windows’ intuitive menus and the fact that you can use it without ever opening CMD or PowerShell or even knowing that they’re there, for that matter. Fortunately, you can still calculate checksums without launching the terminal and typing each command manually into it by using third-party apps.
On the downside, these apps need to be installed somehow, and one of the best methods is to use the terminal, so we’re not exactly out of the clear just yet, but bear with us and we’ll teach you what to do and guide you through each step. A simple, yet powerful tool you could use to calculate checksums is GtkHash; it’s easy to install, easy to use, and supports a plethora of hash functions, so you know you won’t run out of options anytime soon.
As we’ve already mentioned above, the following instructions are written for Ubuntu, but they might work great on other Debian-based Linux distributions, as well. Furthermore, you will need Super User (administrator) rights in order to be able to run some of these commands (mostly installing the program on your computer), so make sure you have a Super User account that you know the password of before we proceed. If everything is peachy on your side, follow these steps to install GtkHash on your Ubuntu computer:
- Hit the Win key on your keyboard
- Type terminal
- Click the terminal icon in the list of results to launch an instance of the terminal
- Type the following command in the terminal:
sudo apt-get install gtkhash
- This will fetch the installation files from a repository and install them on your computer in no time
- Launch GtkHash after installing it by either locating its icon or typing GtkHash in the terminal
- Note that if you launch it through the terminal, you must leave the terminal window open, as closing it will also terminate GtkHash
Alright, so you’ve installed GtkHash, which is quite an important step in our process. If you also managed to launch it give yourself a high-five and let’s configure the algorithms we’re going to use.
- Go to GtkHash’s Edit menu
- Select Preferences from the combo menu
- Check the algorithms you’re going to use (by default MD5, SHA1, and SHA256 are selected)
Our recommendation is to leave only the default ones for now, and add more later if or when you’re going to need them. Here’s a complete list of all the hash functions supported by this app:
- HAVAL 128-3
- HAVAL 160-3
- HAVAL 192-3
- HAVAL 224-3
- HAVAL 256-3
- SNEFRU 128
- SNEFRU 256
As you can see, there’s plenty of options you can choose from, and adding more algorithms to the program besides the ones that are enabled by default might only confuse you more and make the tool more difficult to work with. If we’re done here, let’s see exactly how you can use GtkHash to calculate the hash of any file you’ve saved on your PC.
- Launch GtkHash
- Click the file-shaped icon in the File field
- Navigate to the file you want to calculate the checksum for
- Double-click the file to load it to GtkHash
- Click the Hash button in the main window of GtkHash (lower-right corner)
- Check if the value of your hash is identical to the one on the website (or to the one in your separate file, whichever applies)
As we’ve said before, if the hashes are identical, then you’re good to go; the file you downloaded hasn’t suffered any modifications between the time it was posted and the moment when it reached your PC, and it’s not corrupted or broken either. If you notice that the hashes are different, we suggest you get rid of the file as soon as possible and try downloading it again to rule out any transmission issues such as interruptions or timeouts.
Note that the width of the main window of GtkHash is a bit reduced in size, which means that some hashes won’t be entirely visible. In order to see the whole hash (checksum), you can either resize the main window of the program or you can copy the checksum and paste it into a different app, such as a text editor. Remember, if you can’t seem to find the right algorithm in GtkHash, you can always pop open the Preferences window and enable more hash functions that you can work with.
Last, but not least, GtkHash is just an example of third-party apps you can work with. Feel free to explore and experiment with any other app, and you may find ones that offer a lot more features, support more algorithms, and are even easier to use (although GtkHash is quite straightforward).
Checksum – CONCLUSION
All things considered, if you’ve ever heard about checksums but didn’t read into the matter too much and now you’re just confused about what it means, what it’s used at and how does it work, we’ve got you covered. To put it shortly, a checksum is paramount to check the integrity of data, and it applies to a wide range of domains, including but not limited to emails, passwords, downloaded files, and even RAM/HDD troubleshooting.
Each operating system has its own particularities regarding calculating and comparing checksum, so you might want to check our instructions if you find it difficult to calculate a checksum on Linux, Mac, or Windows computers. On an ending note, if you notice any differences between your calculated checksum and the original one, you should always see it as a potential intrusion or corruption problem.