Then run the following command from within the download directory. įirst open a terminal and go to the correct directory to check a downloaded iso file: Ubuntu distributes the SHA-256 checksum hashes in a file called SHA256SUMS in the same directory listing as the download page for your release. We are going to use the Ubuntu 9.10 LiveDVD for the following example: Most Linux distributions come with the sha256sum utility (on Ubuntu it is part of the coreutils package). You should verify this file using the PGP signature, SHA256SUMS.gpg (such as ) as described in VerifyIsoHowto. See the SHA-256 checksum file for the release you're using under, such as. The SHA-256 hash must be signed or come from a secure source (such as a HTTPS page or a GPG-signed file) of an organization you trust. In terms of security, cryptographic hashes such as SHA-256 allow for authentication of data obtained from insecure mirrors. It is a very good idea to run an SHA-256 hash comparison check when you have a file like an operating system install CD that has to be 100% correct.
The possibility of changes (errors) is proportional to the size of the file the possibility of errors increase as the file becomes larger. SHA-256 serves a similar purpose to a prior algorithm recommended by Ubuntu, MD5, but is less vulnerable to attack.Ĭomparing hashes makes it possible to detect changes in files that would cause errors. SHA-256 hashes used properly can confirm both file integrity and authenticity. The program sha256sum is designed to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits).
0 kommentar(er)
