Overview
A hash value is a unique value that corresponds to the content of the file. Rather than identifying the contents of a file by its file name, extension, or other designation, a hash assigns a unique value to the contents of a file. File names and extensions can be changed without altering the content of the file, and without changing the hash value. Similarly, the file's content can be changed without changing the name or extension. However, changing even a single character in the contents of a file changes the hash value of the file.
The purpose of hash values is to provide a cryptographically-secure way to verify that the contents of a file have not been changed. While some hash algorithms, including MD5 and SHA1, are no longer considered secure against attack, the goal of a secure hash algorithm is to render it impossible to change the contents of a file -- either by accident, or by malicious or unauthorized attempt -- and maintain the same hash value. You can also use hash values to determine if two different files have exactly the same content. If the hash values of two files are identical, the contents of the files are also identical.
<Source: Microsoft.com>
Instructions
Only download approved software from a known and approved source/vendor.
Once downloaded, check if the vendor has posted a hash value for the download you need. The value is a fixed string of alpha-numeric characters
Here is the process to check SHA256 or MD5 file hashes using PowerShell:
- Powershell commands are not case-sensitive
- The default hash algorithm is SHA256, so if you do not specify an algorithm, it will calculate and display a SHA256 value.
- Open PowerShell:
- Search for "PowerShell" in the Windows search bar and select "Windows PowerShell."
- Use the Get-FileHash cmdlet:
- To check the SHA256 hash, use the following command:
Get-FileHash "path\to\your\file"
- To check the MD5 hash, use the following command:
Get-FileHash "path\to\your\file" -Algorithm MD5
- Replace "path\to\your\file" with the actual path to the file. You can also drag and drop the file into the PowerShell window after typing Get-FileHash and a space to automatically fill in the path.
- Compare the hash:
- The output will display the algorithm used (SHA256 or MD5) and the calculated hash value. Compare this value with the expected hash value provided by the source of the file.
- If the hash values match, the file is likely intact and has not been tampered with. If they don't match, the file may be corrupted or altered.Example:
- Example:
- To check the SHA256 hash of a file named "twain_32.dll" located in the "C:\Windows" folder, the command would be:
From C:\Windows
Get-FileHash .\twain_32.dll
Which displays the following information:
Algorithm SHA256
Hash 26360ECD33EA6D50E9596F643B655B67975A8806013A99B29A1B93098A0CDD34
Path C:\Windows\twain_32.dll