---
title: "Reasons Your Checksum Doesn&#8217;t Match the Original"
description: "In this article: TroubleshootingSolutions We have an article covering best practices for using checksums. But you can do all that and the user downloading your file can still have an issue. This can..."
url: https://www.inmotionhosting.com/support/security/reasons-your-checksum-doesnt-match-the-original/
date: 2019-09-30
modified: 2021-08-16
author: "InMotion Hosting Contributor"
categories: ["Security"]
type: post
lang: en
---

# Reasons Your Checksum Doesn&#8217;t Match the Original

**In this article:**

- [Troubleshooting](#troubleshooting)
- [Solutions](#solutions)

We have an article covering [best practices for using checksums](https://www.inmotionhosting.com/support/security/best-practices-for-using-checksums/). But you can do all that and the user downloading your file can still have an issue. This can scare users into thinking you just infected their computer. This is why we recommend troubleshooting steps for when [checksums](https://www.inmotionhosting.com/support/security/best-practices-for-using-checksums/) don’t match.

Whether you’ve downloaded a file, or need a helpful link for troubleshooting hashing issues, below we cover a couple of reasons your checksum doesn’t match the original. Then we cover some possible solutions.

Has your small / medium-sized business exceeded the capabilities of your VPS? Consider our [Dedicated Hosting](https://www.inmotionhosting.com/dedicated-servers) with a Cisco Firewall.

## Troubleshooting

### Wrong Hash Algorithm

We mention 3-5 hash functions every time we cover hashing in depth. It’s possible you, or the website, created a different checksum than what’s specified in documentation. You may be able to determine the function of the original function by its character length. Ensure you used the correct function and command for your operating system (OS) – [Unix](/support/security/verify-checksums-ssh/), [Windows, Mac](/support/security/create-checksum-locally/).

- MD5 (32 characters):f28ee6b687c7bd66420f5e3f9fbc3ecc
- SHA1 (40 characters):991e12fef8b5d2ea7ef6ef9e648c494271d5173e
- SHA256 (64 characters):433dc19d988c382fa19aa3ab03991c2587cd153fa4c2d21ecdc4fd83b0aa0633
- SHA384 (96 characters):e725f569f762783031476ef6d653759504e28a1906b91ee28382e58c2ce29b9741a1d8e8f3d36769a60d6edecf2f8b56
- SHA512 (128 characters):2a2a6821f7ac9117e3712cb3d0f4423cc8dd3da2ee2ec454aeb76d9f3ce99f62ad12db33d649b8d22b838cef5774f4cf61634962cfea6106dd942c2e4f441f16

Linux desktop users can use the [GtkHash](https://www.inmotionhosting.com/support/security/checksums-gtkhash/) graphical app to verify multiple hashes at once.

### Wrong File

Did you download the wrong file? Some OSs use multiple package types. Linux software may have different options between source code and package manager repositories – DEB for [Ubuntu](/support/edu/software/ubuntu-server-overview/), RPM for [CentOS](/support/edu/software/centos-server-overview/), etc. Windows software may include an EXE and MSI option. Ensure you have the best file type for your OS.

### Updated File, Outdated Checksum

Let’s say you triple-checked you used the right hashing algorithm and downloaded the right file. You did as you were instructed. But it’s still not right. At this point, it’s probably not the user’s fault. Maybe the website or the file is out of date. Maybe there’s more than one list of checksums and they forgot to update one. Search their website for another checksum list with a recent “last modified date.”

### Corrupt Download

*“Corrupt”* isn’t always synonymous with “*malicious.*” Files can be inadvertently altered during a file transfer if they include an [unexpected type of encoding](/support/edu/cpanel/understanding-character-encoding-in-the-code-editor-of-cpanel/). Websites should recommend a specific browser and download manager for this reason if applicable. Otherwise, try a popular browser – Firefox or Chrome.

### Malware

Often the first thing to come to mind, it is a possibility. [Ransomware](https://www.techradar.com/news/ransomware-remains-a-huge-threat-to-businesses), [spyware](https://www.techradar.com/news/spyware-laden-privacy-extensions-and-apps-affect-over-11-million-users), and other virus types still exist and can originate from any software. Did you check that you’re on the right website? Does anything on the website seem out of place? Type the URL in the browser yourself to mitigate the possibility of a [homograph phishing attack](https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html) from a website that [looks legitimate](https://www.farsightsecurity.com/txt-record/2018/01/17/mschiffm-touched_by_an_idn/). Check for registered impersonating domains with [HoldIntegrityIDN checker](https://holdintegrity.com/checker).

## Solutions

Above was general troubleshooting options for checking the file. Below are steps to protect your local workstation or server.

- Note all of your steps from downloading the software to troubleshooting – *URL, file name and size, etc*.
- Search to see if others have reported the same issue using multiple browsers – [DuckDuckGo](/support/news/search-with-duckduckgo/)*, *[Qwant](https://www.qwant.com/)*, etc.*
- Contact the developer via email, contact form, IRC, or social media.
- Delete the file
- Check for suspicious activity with [logs](/support/edu/cpanel/cpanel-logs-for-access-apache-email-error-ftp-mysql-whm/)
- Be prepared to restore from an external backup

Did we miss anything? Let us know in a comment below.

Check out our latest blog for some [best security practices](https://www.inmotionhosting.com/blog/6-ways-to-secure-your-web-activity-from-your-computer/).
