The idea is that an algorithm is run against the original file, which spits out a long number - which is the "hash". That number is posted on the site where the file is downloaded from, along with info on if the hash was generated with MD5 or SHA1, SHA256 or SHA512, so anyone can then run the same algorithm against the file they have, to generate the same number/hash. Comparing the downloaded hash to the hash posted on the site tells you if the file that was downloaded is correct or not.
So, when I download a file, I can check that the file is in tact and as intended, by running that algorithm against the file I have to see if the "hash" is the same as the one on the site. If they are the same, then the file is good, if not then the file is bad and I should re-download it. This is not something that is normally an issue, but when downloading new router firmware which is just a hex file, it is a good idea to verify the integrity of the new file before loading it.
To do this with windows:
Type "cmd" in the search field under the start menu
When the window opens, first go to the directory where the file resides, start with the drive letter, then "cd" to the directory:
Then run the command "certUtil" to get the checksum of the file:
certUtil -hashfile SomeFileName SHA1
certUtil -hashfile SomeFileName SHA256
certUtil -hashfile SomeFileName SHA512
certUtil -hashfile SomeFileName MD5
The numbers that it spits out can then be compared to the MD5 or SHA1 hashes on the website where the files were downloaded from. The spaces can be ignored, they are only for readability, since the numbers are normally without spaces.