Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
when i download a linux distro's iso...
a md5sum or sha1sum file is present in the download directory(index of directory)...
i wish to know..what they indicate...
and what is the use of such files??
would there be any problem if md5sums files are not present for each iso????????
The checksums (md5sum, sha1sum, ...) are there so you can check that the file you downloaded is good/ok. If there is a problem with the file (i.e. at least one bit of it has changed for some reason from the original), the calculated checksum differs, usually a lot, and does not match the given checksum (which is in the MD5SUM or SHA1SUM or similar file). Thus you know the file is not good and can re-get it. So basically you are given the "known good" sum, you calculate the sum from your own copy and compare them. If the file is given, you don't need to compare the sums manually, but just feed the file to the checksum-calculating program and (typically) it also checks it for you. For example
Code:
md5sum -c MD5SUM
will check all the files mentioned in MD5SUM file (calculate their md5sums), then compare those calculated sums to the ones in the MD5SUM file. If they match, the file(s) is (are) probably good and it says "OK". Otherwise you're told the sums don't match.
So in short you don't need those sums, they're just a way for you to see if your files are probably right, or definitely not right.
md5sum produces a hash; this particular algorithm is popular because it has properties which are useful for checking data integrity. A hash is a non-unique sequence produced by operating on a sequence of bits (a number or a string). Some types of hashes are used to help sort or locate information, but md5sum is used for checking data. md5sum can give that non-unique 'fingerprint' to a very large file; to reproduce the same hash result you will have to make many changes and most likely even need to change the size of the file. This makes the md5sum a very good tool for checking that the *.iso file that you downloaded is an exact copy of the file on the remote site. You just look at the published md5 hash and then compare it to what you get when you do: md5sum whatever.iso
Let's take a 20-megabyte file... pick one... and do an md5sum (say...) on that file.
Now, go back and change "just one lousy bit." Pick any one of the 160-million bits...
Whoa! The result of "md5sum" for the changed file is completely different! It's not just "a wee bit different," but rather, not-at-all the same.
And that, my friend, is precisely what algorithms like "md5" are for. The slightest difference between two files, i.e. the slightest error in copying or downloading, even "just one bit out of 120 million," is immediately recognizable because it produces a completely different result.
Verdict: if the value does not match exactly what you have been told to expect, download again.
Incidentally... cryptographic systems like "gpg" allow you to take this idea one step further: they produce a "digital signature" for a file that cannot be forged. They enable you to verify, not only that the file was correctly downloaded, but that the file you downloaded was in fact the one, byte-for-byte, that the publisher intended to provide.
That same thought should be applied to a burnt image of the downloaded iso. I've see to many posts with that being the problem. A lot of people assume the burn is OK. You should compare the burnt image with the original md5sum to confirm the burn is OK.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.