A checksum, in its most basic form, is a simple addition of the basic blocks that compose the data. For a file, this is usually the bytes that make up a file. However, a simple checksum does not provide a unique checksum. A unique checksum is necessary to prove the integrity of a file. The MD5 or SHA1 cryptographic hash functions, or message digests, providesnearly unique output for the input fed to it. Thus, combined, an MD5 or SHA1 checksum provides a nearly unique checksum for a given input file, down to the byte level.

MD5 or SHA1 checksums are usually stored in the same directory as the package or ISO you wish to download.

As an example, suppose you wished to verify the integrity of the disc 1 ISO of Red Hat Enterprise Linux WS 4. Look for its checksum in the file md5sums.asc and then calculate its checksum using the Linux command md5sum. If they match, you can assume that the file you downloaded was produced by the person(people) who created the checksum.

[root@blarg iso]# grep RHEL4-U1-i386-WS-disc1.iso md5sums.asc
18e69a8f2f85a6e64aab06a80562dd6f RHEL4-U1-i386-WS-disc1.iso
[root@blarg iso]# md5sum RHEL4-U1-i386-WS-disc1.iso
18e69a8f2f85a6e64aab06a80562dd6f RHEL4-U1-i386-WS-disc1.iso