I'm going to download my first ISOs to install a new machine with Linux. I've normally used CDs from various Linux magazines, but thought I should do it all from scratch this time and download as well.
I see that all ISOs also have a file with the md5sums or sha1sums for the ISO images. How important is it to actually check the ISOs against the md5sums? I know that it's a nice way to verify that the ISOs are right, but from a security point of view, how important is it to do that?
This verification, is it something everyone is doing, or is it only for a few specially interested?
Given that it only takes a few seconds to do the checksum, and if nothing else will tell you if the download worked properly, I don't see why you wouldn't.
Technically you should always be checking the MD5 sums, to make sure you got a good download. But with technology as it is today, getting a corrupted download is less and less likely.
From a security standpoint, it is both good and bad. On one hand it is good because you can verify that the file you downloaded is the one you wanted, but on the other hand, anyone can post the MD5 sum for a file. Unless you are getting the MD5 sum from the official website, who is to say that it is legitimate?
For instance, if you were downloading a program from a mirror, and it turns out this particular file was a fake and actually contained a trojan, you would never know from the MD5 sums. The site that is hosting the fake file is just going to put up the correct MD5 sum, and lure you into a false sense of security since it is going to match.
If you are using the MD5 sums with security in mind, you MUST make sure you check the sum from the official site of the distribution/software. Don't just go by the MD5 posted on the site you downloaded it from.
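The point made in the replies above, as an added example that is not part of the original thread: a modified file passes when checked against the sum published next to it, and fails only against the sum taken from the official site. The `verify_iso` and `check` helpers, the `distro.iso` name and the file contents are constructed for this sketch.

```bash
#!/usr/bin/env bash
# verify_iso FILE SUMS: compare FILE's MD5 with the entry for its name in SUMS.
# SUMS uses md5sum format ("<hash>  <name>" or "<hash> *<name>", names without spaces).
# Returns 0 = match, 1 = mismatch, 2 = FILE is not listed in SUMS.
verify_iso() {
    local file="$1" sums="$2" name expected actual
    name=$(basename "$file")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                                   if (f == n) { print tolower($1); exit } }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(md5sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed stand-ins: the official site and a mirror hosting a modified file.
demo=$(mktemp -d)
mkdir "$demo/official" "$demo/mirror"
printf 'constructed stand-in for the real ISO contents\n' > "$demo/official/distro.iso"
printf 'constructed stand-in with something extra added\n' > "$demo/mirror/distro.iso"

# Each site publishes the sum of the file it actually hosts.
(cd "$demo/official" && md5sum distro.iso > MD5SUMS)
(cd "$demo/mirror" && md5sum distro.iso > MD5SUMS)

# check FILE SUMS LABEL: print the outcome of one verification.
check() {
    if verify_iso "$1" "$2"; then echo "$3: OK"; else echo "$3: FAILED"; fi
}

# The download from the mirror matches the mirror's own sum...
check "$demo/mirror/distro.iso" "$demo/mirror/MD5SUMS" "mirror file vs. mirror sum"
# ...and is caught only when compared with the official sum.
check "$demo/mirror/distro.iso" "$demo/official/MD5SUMS" "mirror file vs. official sum"
```

For a real download, the same comparison is `md5sum -c` (or `sha1sum -c`) run against the sums file fetched from the distribution's own site.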