How to Verify MD5, SHA-1, and SHA-256 Checksum in Windows 10

If you’ve just downloaded a file from the Internet, you may want to verify that the downloaded file hasn’t been tampered with. After all, who knows that kind of nefarious fiddling a hacker might have been up to? By checking the MD5, SHA-1 or SHA-256 checksum of a file, you can verify its integrity and ensure the file hasn’t been corrupted or changed.


A checksum is a short, unique string that results from running an encryption algorithm on a given file. The algorithm looks at all the bits that make up a file and, based on those unique bits, creates a checksum. This checksum will change if even a single bit in the file changes. This means that by comparing two checksums, you can make sure your file hasn’t been damaged or modified. It’s a useful way to defend against file corruption or malicious interference in your downloads.

The most commonly used algorithms for checksums in MD5. SHA-1 and SHA-256 are also available and are based on cryptographically-secure algorithms. If you can choose from among the three, use SHA-256.


To use a checksum, you’ll first need to know what a given file’s checksum is. This will have to be provided to you by the same source that provided the file. You’ll run your downloaded file through the same checksum algorithm using one of the tools below. Once you’ve done that, you’ll compare the two strings. If the strings match, the file hasn’t changed. If the strings don’t match, something about your file is different from the original file.

The best way to run checksums in Windows 10 is with a tool called MD5 & SHA Checksum Utility. It will calculate the MD5, SHA-1 and SHA-256 checksums for a given file simultaneously and allow you to compare your result against the provided data.

1. Download MD5 & SHA Checksum Utility from the developer’s website.

2. Double-click the downloaded file to launch the program.


3. Click the “Browse” button to select the file you want to check.


4. Locate the provided checksum for your downloaded file. Not all downloaded files have checksums available, but open-source or security-conscious developers will frequently provide a checksum. Copy that checksum to the clipboard, then click the “Paste” button in MD5 & SHA Checksum Utility.


5. If the checksum is the same as the checksum the application calculated, you’ll receive a success message. This means that the file you have is identical to the file that was previously checked.


If the checksum is different, you’ll get an error message. This means the file has somehow changed since the last checksum was calculated.


If you verify checksums frequently, you might be interested in HashTab. The application installs an additional tab in the Properties window of File Explorer. Thanks to being embedded in Explorer, Hashtab can calculate checksums in place without requiring a separate application. By default, it calculates CRC32, MD5 and SHA-1 hash values. Additional hashing algorithms can be enabled in Hashtab’s settings.

1. Download and install HashTab from the developer’s website.

2. Right-click on the file you want to run a checksum against and choose “Properties” from the context menu.


3. Click the tab labelled “File Hashes” at the top of the window to see the MD5, SHA-1 and CRC32 hashes for the file you selected.


4. Copy and paste the checksum you want to compare against in the “Hash Comparison” dialog box.


5. If the hash checks out, you’ll see a green checkmark.


If the hash doesn’t match, you’ll see a red X.


If you want to check the integrity of a file you’ve downloaded, checksums will help you get it done. You can use MD5 & SHA Checksum Utility as a standalone application for calculating and comparing MD5, SHA-1 and SHA-256 checksums or use HashTab for a checksum checking tool that’s integrated into File Explorer.

Image credit: Beyer Cryptographic Watch via Wikimedia Commons


  1. “The most commonly used algorithms for checksums in MD5. SHA-1 and SHA-256 are also available and are based on cryptographically-secure algorithms. If you can choose from among the three, use SHA-256.”

    While MD5 is, as noted, still commonly used, it should be avoided…it has been proven to frequently cause collisions, which is when 2 different files produce the same checksum. As well, the SHA-1 algorithm has been cracked and can be manipulated so that 2 different files also produce the same checksum…which is a serious problem as, until recently, SSL certificates were created using SHA-1. As a result, the use of SHA-1 has been depreciated. As noted, one should use at least SHA-256, and SHA-512 would be an even better choice.

    “… you might be interested in HashTab … but the application only supports CRC32, MD5 and SHA-1 algorithms”

    Are you sure you’re using the latest version? According to the web site you linked to, Hash Tab supports more than two dozen algorithms, and I can confirm that the Mac version does indeed support a whole boat-load of them, including SHA-256 and SHA-512. My Windows machines, which I rarely use these days, are still running XP, and the version of Hash Tab for XP does indeed only support the 3 you mentioned…but that’s a fairly outdated version, to put it mildly :-)

    • Excellent points Rick, thank you! You are, of course, absolutely correct about MD5 being insecure and SHA-1 being deprecated.

      I tested HashTab on Windows 10 and didn’t find any obvious way to add algorithms different from the ones that were immediately available. I could be mistaken, of course, but is it possible that only the paid version supports the other algorithms mentioned on the site?

  2. Oh, forgot to mention…there’s one thing about the Mac version of Hash Tab I really like and that hopefully is in the latest Windows version as well. If you copy the checksum to be compared to the clipboard, Hash Tab automatically loads the checksum from the clipboard and compares it to the ones it calculated, thus eliminating having to manually paste it into the comparison box.

Comments are closed.

Sponsored Stories