Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MD5 Checksum kaput !


  • Please log in to reply
5 replies to this topic

#1 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 03 April 2016 - 09:35 PM

Downloaded Kubuntu from HERE   

 

MD5 from same page is....

kubuntu-15.10-desktop-amd64.iso – 9e5eb424eabfd9b2d193d8c34eca7b48ad944b90c0de0bdcbb638563c14c4d2b

 

I used WinMD5Free v1.2 to capture the md5 of my download....and it is :: 2e9967a25d87f7c685c63101eddb17d6

 

Not Matched !

 

What have i done ?....used the wrong deodorant?.....brushed my teeth with the sink cleaner ?

 

New to this....keep it simple please.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


BC AdBot (Login to Remove)

 


#2 almodo

almodo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:29 AM

Posted 03 April 2016 - 09:51 PM

That's a SHA256SUM, not a MD5SUM.



#3 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W

  • Topic Starter

  • Members
  • 6,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 03 April 2016 - 09:53 PM

Call off the marines.....problem solved.......the md5 checking tool I was using is not compatible with windows 10.

 

As soon as I realized, I downloaded THIS     (hashtool.exe)

 

(yes, I know....cnet download.....I scanned the result with Sophos and Mbam...all good )

 

Works like a dream and the md5's(OOPS....Sha256's) are a match !

 

Edited to correct md5 to sha256)


Edited by Condobloke, 03 April 2016 - 09:55 PM.

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W

  • Topic Starter

  • Members
  • 6,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 03 April 2016 - 09:54 PM

yup....I stand corrected....sha256 it is


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#5 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 04 April 2016 - 03:39 AM

@condobloke:

 

Don't forget to go to your Terminal and type in and enter:

sudo ufw enable

This will start your Firewall, and generate a small script that will continue it every time you boot/reboot.

 

I am a big fan of KISS (both the group, and Keep It Simple Stupid)

 

 

@almodo:

 

Nice call and :welcome: to Linux and Unix Section .... or is that long past being relevant, given your time with this Forum, lol?

 

Enjoy, all

 

:wizardball: Wizard



#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,372 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:01:29 PM

Posted 04 April 2016 - 03:43 AM


 

Last month, Linux Mint’s website was hacked, and a modified ISO was put up for download that included a backdoor. While the problem was fixed quickly, it demonstrates the importance of checking Linux ISO files you download before running and installing them. Here’s how.

Linux distributions publish checksums so you can confirm the files you download are what they claim to be, and these are often signed so you can verify the checksums themselves haven’t been tampered with. This is particularly useful if you download an ISO from somewhere other than the main site–like a third-party mirror, or through BItTorrent, where it’s much easier for people to tamper with files.


How This Process Works

The process of checking an ISO is a bit complex, so before we get into the exact steps, let’s explain exactly what the process entails:


  1. You’ll download the Linux ISO file from the Linux distribution’s website–or somewhere else–as usual.

  2. You’ll download a checksum and its digital signature from the Linux distribution’s website. These may be two separate TXT files, or you may get a single TXT file containing both pieces of data.

  3. You’ll get a public PGP key belonging to the Linux distribution. You may get this from the Linux distribution’s website or a separate key server managed by the same people, depending on your Linux distribution.

  4. You’ll use the PGP key to verify that the checksum’s digital signature was created by the same person who made the key–in this case, the maintainers of that Linux distribution. This confirms the checksum itself hasn’t been tampered with.

  5. You’ll generate the checksum of your downloaded ISO file, and verify it matches the checksum TXT file you downloaded. This confirms the ISO file hasn’t been tampered with or corrupted.


The process may differ a bit for different ISOs, but it usually follows that general pattern. For example, there are several different types of checksums. Traditionally, MD5 sums have been the most popular. However, SHA-256 sums are now more frequently used by modern Linux distributions, as SHA-256 is more resistant to theoretical attacks. We’ll primarily discuss SHA-256 sums here, although a similar process will work for MD5 sums. Some Linux distros may also provide SHA-1 sums, although these are even less common.

Similarly, some distros don’t sign their checksums with PGP. You’ll only need to perform steps 1, 2, and 5, but the process is much more vulnerable. After all, if the attacker can replace the ISO file for download they can also replace the checksum.

 

 


How to Verify a Linux ISO’s Checksum and Confirm It Hasn’t Been Tampered With

 

Thanks to Chris Hoffman






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users