Are you sure your file is legit?

A hash (informally called a checksum) is a signature for a file. You have probably seen them when downloading Linux distributions or files from official vendor download sites. This signature verifies the integrity of the file. If you change the file in any manner, its checksum changes. Not many people use checksums, for various reasons. You should use them whenever applicable. Let’s walk through checking a file downloaded from an official VMware site.

I will download VMware Horizon View 7. In the lower right corner of the download page is a list of checksums for the file. There are three different strengths: MD5, SHA1, and SHA256. There are several more algorithms, but these are the most common. Getting into the details of each algorithm is beyond the scope of this article. You would get bored very quickly. Suffice it to say, you should use the strongest algorithm provided. In this case, it’s SHA256.

This is a closer look at the checksums listed above.

Windows PowerShell 4.0 and higher include a cmdlet that computes the checksum of a file. I downloaded the file Horizon 7.8 View Connection Server (64-bit) and ran this command against it.

PS> Get-FileHash VMware-Horizon-Connection-Server-x86_64-7.8.0-12637483.exe

The “Get-FileHash” command defaults to SHA256. The checksum is identical. This action only took seconds to verify, and now I’m sure the file is the same as the source file. I could also use it to verify that a file I have on hand, or one from a local source, is valid.

From the Website: 4eb12fc88c6cc95a85e93d03f62109549704f01b2d2cc64c76210bb30db28917

The output of the PowerShell command.

This method works on any file. If you created a very tightly controlled version of Windows Server 2016, run the Get-FileHash command and record the checksum. When you want to use the ISO for an installation two weeks later, check the hash. Even if someone renames another ISO to the same name and the file size is the same, the checksums will not match. Go forth and HASH.
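
The comparison described above, scripted so the match is checked by the machine rather than by eye. This is an added example, not part of the original post: Test-PublishedHash is a hypothetical helper name, and picking the algorithm from the length of the published value is an assumption of the example.

```powershell
# Added example: Test-PublishedHash is a hypothetical helper, not a built-in cmdlet.
function Test-PublishedHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected   # value copied from the download page or your own record
    )

    # Copy/paste from a web page often drags in spaces or line breaks.
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]+$') {
        throw "Expected value is not a hex string: '$Expected'"
    }

    # Assumption: infer the algorithm from the digest length in hex characters.
    $algorithm = switch ($want.Length) {
        32      { 'MD5' }
        40      { 'SHA1' }
        64      { 'SHA256' }
        default { throw "Unrecognised digest length: $($want.Length) hex characters" }
    }

    # -ErrorAction Stop turns a missing or unreadable file into a hard failure
    # instead of a silent empty result.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm -ErrorAction Stop).Hash

    [pscustomobject]@{
        Path      = $Path
        Algorithm = $algorithm
        Expected  = $want
        Actual    = $actual
        Match     = ($actual -eq $want)
    }
}

# File name and SHA256 value are the ones shown in the article.
$result = Test-PublishedHash `
    -Path '.\VMware-Horizon-Connection-Server-x86_64-7.8.0-12637483.exe' `
    -Expected '4eb12fc88c6cc95a85e93d03f62109549704f01b2d2cc64c76210bb30db28917'

$result | Format-List
if (-not $result.Match) {
    Write-Error 'Checksum mismatch: do not install this file.'
}
```

The same function covers the ISO case: pass the checksum you recorded when the image was built as -Expected.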

Author: Chet Camlin
