CIPHER MACHINES AND CRYPTOLOGY
SHA-256 Secure Hash Function
Home Back


How To Verity Downloads With SHA-256

You can check the integrity of all software downloads on this website by comparing their SHA-256 hash value with the published SHA-256 values. When the hash values are identical you know that the download is not corrupted or tampered with. When the hash values don't match, this might be caused by a corrupted download. Download and check the file again. If the values still don't match, then don't open or install the downloaded file.

Here's how you check the download.

  • Download the zip archive with the installation files.
  • Get the SHA-256 values PDF Format for all software downloads and exe files or request them by e-mail.
  • Use a SHA-256 calculator (info below) to obtain the hash value of the downloaded zip file.
  • Compare the hash value of your downloaded zip file with the provided SHA-256 hash value.

You can use the File Hash Online Calculator and simply drag and drop your files to calculate the hash value instantly. All calculations are performed off-line, and the file is not uploaded to any website. Some other on-line SHA-256 calculators are FileFormat.Info and Conversion-Tool. Make sure you select the SHA-256 output. There are also secure hash calculator tools available for download and off-line use on your computer.

You can also verify your installed application at any time later on by checking the hash value of the executable ".exe" file that is found in its installation folder, usually located in the Program Files or Program Files (x86) folder on your C drive, unless specified otherwise during installation. If the hash value is correct, you know that the file is not tampered with since it was installed.

About Secure Hash Functions

A cryptographic hash algorithm is a one-way function that converts data of any size into a fixed sized binary string called hash value. Cryptographic one-way functions can quickly calculate a hash value from any data, but it is infeasible to reverse the process. Even the smallest change of the original data will cause the hash value to be completely different and it is impossible to change the data in such way that its hash value is identical to the hash value of the original data. You would need to try out all possible combinations of data bits - a brute force search - to recreate the correct hash value, which is computationally infeasible.

The SHA-2 family is a set of cryptographically secure hash algorithms with hash values, sized between 224 and 512 bits. SHA-256 and SHA-512 are its latest standard hash functions. SHA-256 produces a 256-bit hash, formatted as a hexadecimal string. Secure hash algorithms are ideal for message authentication, digital signatures, password verification, checking data and file integrity and various trust related applications. You can create a hash value of your data, and no one can change that data without causing a completely different hash value. If the hash value is correct, then you know that the data is authentic.

Some Things To Consider

It's good practice to store a trusted hash value on a secure place or print it on paper. This way, you're sure that you verify the calculated hash against the original hash. An advantage of a printed hash is that it can't be hacked.

If an executable file that you want to verify is installed on a stand-alone computer for security reasons, your best option is to calculate its hash value with a SHA-256 tool on that stand-alone computer and then compare your hash value on the internet with another computer. Alternatively, you can copy the executable file with a USB stick from the stand-alone computer to an internet connected computer and calculate and compare its hash value on that computer. Note that the transfer of data between secure and insecure computers by USB stick also poses a security risk.

There is always a possibility that a malicious person might change a file and replace its insecure stored real hash value by a false hash value that matches the tampered file. This can be done on a hacked website but also on your computer. Know that the published hash values on this website are checked. Nevertheless, you can always request the original hash values by e-mail to ensure that your SHA-256 verification is performed correctly.

Create Your Own Hashes

Of course, you can also use a secure hash function for files you want to share with other people. Calculate the hash of the files before you share them and publish or send the hash value to the others. Now they can also calculate the hash value of the file they downloaded or received from you, compare it with the original hash and check its integrity.

Do you want to check whether a file or software on your computer isn't compromised? Calculate the hash of the file or executable (.exe) immediately after it is saved or installed on your computer and keep its hash value on a secure place. To check its integrity at any time later on, simply calculate the hash again and check the outcome with the stored hash value. Your data is unchanged if the stored and calculated hash are identical. However, a legitimate update of an executable file will also cause a mismatch of the hash value. In that case, a new hash should be calculated for that updated file.

Web Analytics Made Easy -
StatCounter

© Dirk Rijmenants 2004. Last changes: 05 December 2022

Home Back