What are MD5 and SHA1 Hashes and How to Use Them to Verify File Integrity in Windows
Getting straight to the point, MD5 and SHA1 hashes are part of a class of algorithms known as cryptographic hash functions, which are typically used to verify that a file is 100% the same as the original file from the source. If that explanation is a bit confusing, in basic terms – you can use these hash functions to verify that the file you’re downloading hasn’t been altered, damaged, corrupted, or infected by malware.
Whenever you download something from the internet, there’s always a chance that the file is no longer in its original state by the time it reaches your computer. The change can be due to errors during the download or upload processes (e.g., brief connection lapses), missing file chunks, or even the intentional actions of a nefarious individual who has attached malware to the file.
Comparing the hash data of your downloaded file to that of the original file lets you verify that the two are exactly the same down to the single byte level. You can sometimes find the recorded hash value or checksum of a file (a long string of numbers preceded by “MD5:” or “SHA1:”) on the website you’re downloading it from.
However, many times the original checksum of the file is not openly listed by the download source. In that case, you can try to find it online by running a Google search for: “exact_file_name” + SHA1 or MD5 hash.
Side tip/Example: For Microsoft product downloads, you can find a complete archive of Microsoft SHA1 Hash data categorized alphabetically on the Heidoc.net Microsoft Downloads Dump.
Once you know the original checksum, you can then run the appropriate algorithm (SHA1 or MD5) to retrieve the hash value after you’ve downloaded the file to make sure it matches the checksum of the original file. Unfortunately, there aren’t any built-in tools in Windows that will generate checksums conveniently, so it’s best to use one of the following methods (scroll down to see online solutions):
This simple freeware lacks advanced features but it’s perfect if you’re just wanting the MD5 or SHA1 checksum of a file. Simply launch the program, click the Browse button, and select the file. The MD5 and SHA1 hashes will automatically be displayed below. You can also paste a previous/original hash value into the bottom field and click the Verify button to quickly check that the checksums match without having to skim over the lengthy numbers visually.
ComputeHash is a compact utility that needs to be installed to work. Once installed, it will equip your File Explorer context menu with a new feature, so when you right-click on a file you can select the “Compute Hash” option to quickly display the MD5, SHA1, SHA512, SHA384, and SHA256 checksums of the file. From there you can copy the values individually or export them all to a text file using the Copy to File button.
HashMyFiles is more comprehensive than the other two utilities mentioned above, as it allows for batch file processing and it can generate MD5, CRC32, SHA1, SHA512, SHA384, and SHA256 checksums. It also adds a right-click menu option for quickly verifying file integrity. Plus, you can export the generated data to CSV, HTML, XML, or TXT file formats.
IgorWare Hasher is a free portable tool for calculating MD5, SHA1, and CRC32 hashes from files that you can drag and drop into the interface or navigate to using the Browse button. The results can be copied to the clipboard or saved to .sfv, .sha, or .md5 files and then used later for verification. This is useful for keeping track of a file's integrity and security over time after it has been transferred to and from different devices or users.
Hash Generator from SecurityXploded comes in a zip file and includes a portable non-install utility as well as an installable version, the latter of which adds a right-click context menu option when installed. This one’s lower on our list because it’s more of a general hash generator than a focused solution for calculating SHA1 and MD5 hashes specifically. In fact, it can identify and generate 14 different hash types, including all variants of the MD5 and SHA formats, as well as CRC32, RIPEMD-160, Adler32, Whirlpool, and Haval256-4.
Online Hash Calculators
If you’d prefer not to download anything and would rather use an online tool to run a quick hash check from any browser, check out the following 3 sites:
- Md5file – By far the best online tool, with no file size limits, batch file processing, and the ability to process an unlimited number of files.
- OnlineMD5 – Fast and free interface where you can browse to a file or drag and drop it into the browser window to generate MD5, SHA1, and SHA-256 checksums. Includes a compare feature. Maximum file size is 4 GB.
- Defuse.ca – Browse to file but no drag and drop functionality. The maximum file size is also only 5 MB, but it supports more hash algorithms than most other online tools.
Online solutions can have slower processing times than native apps, but the advantage is that you can use them in any browser without downloading or installing anything.
Other Techniques Worth Noting
As is usual with most tech-related tasks, there’s an abundance of alternative methods you can use to generate checksums, including but not limited to the following:
- Using the Microsoft File Checksum Integrity Verifier Tool
Microsoft’s File Checksum Integrity Verifier is a very basic command line utility that computes SHA1 and MD5 hashes. It’s unsupported and not very user-friendly, so this would be more of an extra option to experiment with if you’re a techie.
- Calculating Checksum Using 7-Zip Right Click Option (for SHA and CRC Hashes Only)
7-Zip is a popular file compression and unzipping tool that many of you probably already have installed. If you open the 7-Zip File Manager and right-click on a file within the interface, you can navigate to the CRC right-click menu and choose from CRC-32, CRC-64, SHA1, and SHA-256 hashes. Selecting a hash type will quickly generate the checksum and display it.
- Calculating File Checksums in Android
Finally, if you’re trying to verify the integrity of a file on a mobile device, check out our guide on the best apps for calculating checksums in Android.
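The compare step this guide describes (hash the downloaded file, then match the result against the published “MD5:” or “SHA1:” string) can also be scripted. The following Python code is an added example, not part of the original article or of any tool listed above; it goes slightly beyond the article by also accepting SHA-256, since MD5 and SHA1 both have known practical collision attacks. The function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> hashlib name, for checksums published without a label.
LENGTH_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
# "MD5: <hex>", "SHA1: <hex>", "SHA-256: <hex>", or a bare hex string.
PUBLISHED = re.compile(r"^\s*(?:(MD5|SHA-?1|SHA-?256)\s*:\s*)?([0-9A-Fa-f]+)\s*$", re.I)

def parse_published(text):
    """Return (algorithm, lowercase_hex) from a checksum string copied off a page."""
    m = PUBLISHED.match(text)
    if not m:
        raise ValueError("not a recognisable checksum: %r" % text)
    label, digest = m.group(1), m.group(2).lower()
    algo = LENGTH_TO_ALGO.get(len(digest))
    if algo is None:
        raise ValueError("unexpected digest length %d" % len(digest))
    if label and label.lower().replace("-", "") != algo:
        raise ValueError("label %s does not fit a %d-character digest" % (label, len(digest)))
    return algo, digest

def file_digest(path, algo, chunk_size=1024 * 1024):
    """Hash the file in chunks so multi-gigabyte downloads do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, published):
    """True only if the file's digest equals the published one."""
    algo, expected = parse_published(published)
    return hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed sample: a temporary file stands in for the download."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "download.bin"
        path.write_bytes(b"hello world\n")
        good = "SHA1: " + hashlib.sha1(b"hello world\n").hexdigest().upper()
        bad = "MD5: " + hashlib.md5(b"hello world").hexdigest()  # one byte short
        return verify(path, good), verify(path, bad)

if __name__ == "__main__":
    print(demo())
```

A match only proves the file equals whatever the checksum was computed from, so the published value should come from the vendor over a channel you trust rather than from the same mirror that served the file.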
Congratulations, You’re Now an Expert on Verifying File Integrity
While you can’t exactly call yourself an IT security professional based on the contents of this guide alone, with the above solutions you should have all the tools and knowledge needed to generate and compare cryptographic file hashes the same way a pro would.