Verify SHA-1 Checksums for Downloads

If you have ever wondered what the long hash string is for when you go to a sites download page, well, here's a how-to on this.

The long string is used to compare against the file you downloaded. This helps in making your download didn't get hijacked by a man-in-the-middle attack or some other type of hack.

Here's some examples of where you might see a Checksum hash.

Raspberry Pi Image Download SHA-1 Checksum

Kali Linux Image Download SHA-1 Checksum

To validate this on the Mac open your Terminal app and type:

$ openssl sha1 /Users/your-home-dir/Downloads/downloaded-file.img

Real life example of what happens.

$ openssl sha1 /Users/trozdol/Downloads/2016-09-23-raspbian-jessie.zip

SHA1(/Users/trozdol/Downloads/2016-09-23-raspbian-jessie.zip)= e0eeb96e2fa10b3bd4b57454317b06f5d3d09d46  

Then you can compare the output hash vs the hash on the website you downloaded the image from.