Update: We previously suggested to use the "MD5" protocol in validating your downloads. However, we've now updated our suggestions to be more line with the latest "SHA-1" and "SHA256" standards.
Checksums are a useful way to verify that the file you’ve downloaded is the exact version that the website intended to be downloaded, ensuring that it hasn’t been modified or tampered with somewhere along the way.
Once you’ve determined your file’s checksum, you’ll need to compare it to the one provided by the website from which you downloaded it, so before you begin you should also make sure that the host website has indeed provided this information.
Firstly, open Terminal by searching for it in Spotlight or Launchpad, or open it directly in Applications > Utilities.
Once open, type in “shasum -a ” followed by either 1 or 256, depending on whether you want to verify the downloaded file against a SHA-1 or SHA-256 checksum provided by its developer.
Next, add a space, followed by the full path to the file. (Seen above.)
For instance, we’re going to check the “HandBrake-1.0.7.dmg” file, which is located in the Downloads folder, hence the path will look like this: “/Users/future/Downloads/HandBrake-1.0.7.dmg”.
Alternatively (and much more easily), you can simply drag and drop the file onto Terminal’s window to automatically paste the full path to it.
Next, hit "Enter" to run the command. You’ll see a string of letters and numbers following the "=" sign — this is the checksum for your file.
You can compare this to the checksum provided by the host's website (in this case, Handbrake) and, if they match perfectly, then you have downloaded the exact file that the website intended to be downloaded and be assured that it is safe to use.
- Here's how you can browse the internet safely in macOS