Checksum

A checksum is a short, fixed-length fingerprint of a chunk of data — computed in a way where any change to the underlying bytes produces a different fingerprint.

In a modern backup system the checksum is a cryptographic hash, typically SHA-256. Feed in ten megabytes of RAW image data and out comes a sixty-four-character hex string; change a single bit inside that ten megabytes and the string is entirely different. This property — small in, small but wildly different out on any change — is what makes checksums useful as tamper-evident fingerprints. You cannot look at a checksum and recover the data, but you can compare two checksums instantly and know whether the data they summarise is identical.

Checksums and verification are related but distinct. A checksum is the tool: a number attached to a chunk. Verification is what you do with it — re-read the chunk, recompute the checksum, and confirm it still matches. The checksum is also what makes deduplication work: two files that produce the same chunk hash are, with mathematical certainty, the same data, and only need to be stored once.

In macup, every chunk written to the repository is addressed by its SHA-256 checksum. That single fact gives you integrity checking, deduplication, and the ability to confirm a restored file is bit-for-bit identical to the one you backed up — all from the same number.