Checking the hash checksum of downloaded files can indicate if a file has been tampered with. Hash collisions are possible by intentionally manipulating a harmful file to look like the expected file. The simpler the hash function, the more likely hash collisions are–MD5 and SHA1 have demonstrated hash collisions. SHA256 is a popular SHA-2 hash function for which it is hard to generate collisons with today’s computing power.

Observe the SHA256 hash of an empty file:

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

If encountering this SHA256 hash on a downloaded file, perhaps the download failed in a way that wasn’t otherwise detected, or the server file is indeed empty. Using an “if” statement with this hash can be used to alert users to an empty file downloaded.