Reasons Your Checksum Doesn’t Match the Original

In this article:

We have an article covering best practices for using checksums. But you can do all that and the user downloading your file can still have an issue. This can scare users into thinking you just infected their computer. This is why we recommend troubleshooting steps for when checksums don’t match.

Whether you’ve downloaded a file, or need a helpful link for troubleshooting hashing issues, below we cover a couple of reasons your checksum doesn’t match the original. Then we cover some possible solutions.

Has your small / medium-sized business exceeded the capabilities of your VPS? Consider our Dedicated Hosting with a Cisco Firewall.

Troubleshooting

Wrong Hash Algorithm

We mention 3-5 hash functions every time we cover hashing in depth. It’s possible you, or the website, created a different checksum than what’s specified in documentation. You may be able to determine the function of the original function by its character length. Ensure you used the correct function and command for your operating system (OS) – Unix, Windows, Mac.

  • MD5 (32 characters):
    f28ee6b687c7bd66420f5e3f9fbc3ecc
  • SHA1 (40 characters):
    991e12fef8b5d2ea7ef6ef9e648c494271d5173e
  • SHA256 (64 characters):
    433dc19d988c382fa19aa3ab03991c2587cd153fa4c2d21ecdc4fd83b0aa0633
  • SHA384 (96 characters):
    e725f569f762783031476ef6d653759504e28a1906b91ee28382e58c2ce29b9741a1d8e8f3d36769a60d6edecf2f8b56
  • SHA512 (128 characters):
    2a2a6821f7ac9117e3712cb3d0f4423cc8dd3da2ee2ec454aeb76d9f3ce99f62ad12db33d649b8d22b838cef5774f4cf6
    1634962cfea6106dd942c2e4f441f16

Wrong File

Did you download the wrong file? Some OSs use multiple package types. Linux software may have different options between source code and package manager repositories – DEB for Ubuntu, RPM for CentOS, etc. Windows software may include an EXE and MSI option. Ensure you have the best file type for your OS.

Updated File, Outdated Checksum

Let’s say you triple-checked you used the right hashing algorithm and downloaded the right file. You did as you were instructed. But it’s still not right. At this point, it’s probably not the user’s fault. Maybe the website or the file is out of date. Maybe there’s more than one list of checksums and they forgot to update one. Search their website for another checksum list with a recent “last modified date.”

Corrupt Download

“Corrupt” isn’t always synonymous with “malicious.” Files can be inadvertently altered during a file transfer if they include an unexpected type of encoding. Websites should recommend a specific browser and download manager for this reason if applicable. Otherwise, try a popular browser – Firefox or Chrome.

Malware

Often the first thing to come to mind, it is a possibility. Ransomware, spyware, and other virus types still exist and can originate from any software. Did you check that you’re on the right website? Does anything on the website seem out of place? Type the URL in the browser yourself to mitigate the possibility of a homograph phishing attack from a website that looks legitimate. Check for registered impersonating domains with HoldIntegrityIDN checker.

Solutions

Above was general troubleshooting options for checking the file. Below are steps to protect your local workstation or server.

  • Note all of your steps from downloading the software to troubleshooting – URL, file name and size, etc.
  • Search to see if others have reported the same issue using multiple browsers – DuckDuckGo, Qwant, etc.
  • Contact the developer via email, contact form, IRC, or social media.
  • Delete the file
  • Check for suspicious activity with logs
  • Be prepared to restore from an external backup

Did we miss anything? Let us know in a comment below.

Check out our latest blog for some best security practices.

Was this article helpful? Let us know!