How to Verify SHA1 and SHA256 Checksum on Mac


It is incredibly easy to add a malicious components (malware) to DMG files,  uploading them to file sharing websites like, & infecting computers on a mass scale.  SHA checksum is added to DMG files like TransmissionBT1, & Handbrake.fr2 to detect file tampering.

How to check SHA checksums:

In terminal, find the file(s) you’d like to check. “cd” command is to change directories, “ls” is to list files in a folder.

Use the following syntax: shamus file.dmg (Illustrated below)

sha checksum mac

The default for the shasum command is to use SHA1, the most common hash type, but this can be changed with the -a flag if necessary to 224, 256, 384, or 512.

Finally you can check the hexadecimal string on the main downloading website:

Always remember to download the files from a reputable source.

1. Popular BitTorrent Client Transmission Gets Infected With Malware Again
2. HandBrake hacked to drop new variant of Proton malware

Leave a Reply

Your email address will not be published. Required fields are marked *