Checksums and Software
Original Content by Spencer Whetstone on March 13, 2021
Inspired by @psyrax
https://discord.com/channels/334085157441110017/334085157441110017/820157889704230934
Checksums and Why They Are Important
Hashing is the generation of a value or values from a string of text or a binary file using a mathematical function. This value is often called a checksum.
Hashing serves a security function: the software's author can give the user assurance that the software has not been altered in any way. A malicious actor could clone the software, decompile it, and make changes such as sweeping the balance of all addresses in a wallet to an unknown address. Unfortunately, users have fallen victim to this sort of fraud.
A formula generates the hash, and the author of the software publishes the hash on the site where the software is hosted. A user can download the software and compare its hash value with the one published by the author.
If the hashes do not match, the user should discard the file without using it, as it is probably fraudulent malware.
How can I check/compare the hash of a downloaded file?
As an example, you can verify the checksum or hash value of the Sphere by Horizen installer files. The repository for Sphere by Horizen is located at:
https://github.com/HorizenOfficial/Sphere_by_Horizen/releases/tag/desktop-v1.2.9-beta
Here are commands that can be executed on any of the supported Operating Systems.
macOS
Open a Terminal window and run:
openssl dgst -sha256 ~/Downloads/Sphere_by_Horizen-1.2.9-beta.dmg
Windows 10
Open a PowerShell command window and run:
get-filehash -path filename.exe -Algorithm SHA256 | format-list
Example - modify the "myname" portion of the command to match your Windows User Account
get-filehash -path c:\Users\myname\Downloads\Sphere_by_Horizen-1.2.9-beta.exe -Algorithm SHA256 | format-list
or
Open a Windows 10 Command Prompt window and run:
certutil -hashfile path\filename.exe SHA256
Example - modify the "myname" portion of the command to match your Windows User Account
certutil -hashfile c:\Users\myname\Downloads\Sphere_by_Horizen-1.2.9-beta.exe SHA256
Linux
openssl dgst -sha256 ~/Downloads/Sphere_by_Horizen-1.2.9-beta.deb
We also recommend QuickHash GUI. It is an open-source data hashing tool for Linux, Windows, and Apple Mac OSX (macOS) with a graphical user interface (GUI). There is no charge to the user.
It can be obtained from https://quickhash-gui.org/ .
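The commands above only print a hash, which leaves the comparison with the published value to the eye. The following Python script is an added example, not part of the original page or of the Sphere by Horizen project: it hashes the file itself and compares the result with a published value pasted either as bare hex or as the output of any of the tools above. The function names and the sample tool outputs are constructed for illustration, and the space-separated byte form sometimes printed by certutil is handled as an assumption.

```python
import hashlib
import re
import sys

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def extract_digest(text):
    """Pull a SHA-256 hex digest out of pasted tool output or a bare published value."""
    for line in text.splitlines():
        # The digest follows '= ' (openssl) or ': ' (Format-List),
        # or it is the whole line (certutil, bare hex).
        candidate = re.split(r"[=:]", line)[-1]
        candidate = re.sub(r"\s+", "", candidate).lower()  # drop spaces, fold case
        if re.fullmatch(r"[0-9a-f]{64}", candidate):
            return candidate
    raise ValueError("no 64-character SHA-256 hex digest found")

def verify_download(path, published):
    """True only if the file's SHA-256 equals the published value."""
    return sha256_file(path) == extract_digest(published)

# Constructed sample outputs (SHA-256 of an empty file), one per tool on this page.
EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLES = {
    "openssl": "SHA256(/home/user/Downloads/example.deb)= " + EMPTY,
    "Get-FileHash": "Algorithm : SHA256\nHash      : " + EMPTY.upper()
                    + "\nPath      : C:\\Users\\myname\\Downloads\\example.exe",
    "certutil": "SHA256 hash of file example.exe:\n" + EMPTY
                + "\nCertUtil: -hashfile command completed successfully.",
}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: verify.py <file> <published hash>
        ok = verify_download(sys.argv[1], sys.argv[2])
        print("MATCH" if ok else "MISMATCH: discard the file")
        sys.exit(0 if ok else 1)
    for tool, output in SAMPLES.items():  # no arguments: run the constructed samples
        print(tool, extract_digest(output) == EMPTY)
```

The script exits with a non-zero status on a mismatch, so it can gate an install step in a shell script.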
Additional reading: