Verify a download hasn't been tampered with: drop any file to compute its SHA-256, SHA-384, and SHA-512 checksums right in your browser, then compare against the vendor's published hash.
Serious software vendors publish a checksum next to every download. If the hash of the file you received matches the published one, the file is bit-for-bit identical to what the vendor shipped — not corrupted in transit, not swapped by a malicious mirror or a poisoned ad. It takes ten seconds and it has caught real supply-chain attacks.
More free tools: bvtech.org/tools.