Why does the SHA of Raspbian file image never correspond to the one indicated on the website?
Asked 3 years, 2 months ago. Active 1 year, 6 months ago.

MessageDigest, they give me the same result as follows: 2cf24dba5fb0a30e26e83b2ac5b9e29e1be5c1faeb So, could anyone point out where I got it wrong please?

You got it wrong when you stopped investigating. The next logical thing to do was something like echo hello | od -a on both systems to make sure shasum was getting the same input.

@DavidSchwartz Or od -A n -t x1 now that we're dealing with hexadecimals anyway. The input of SHA is binary, just like the output.

The echo commands are adding a trailing newline to your string. Try: hashlib.

Thank you! I did not realise it at all.

Maybe I have been negligent towards the verification of software I download over the Internet, but I or anybody I ever met have never tried to verify the checksum of the contents I download. And because of this, I have no idea about how to verify the integrity of the downloaded item.

Usually this would start on the owner's side displaying the checksum for the file that you wish to download. Which would look something like the following:
Now depending on what operating system you are using, once you have downloaded the required file you can compute a hash of it. First navigate to the directory of the file you downloaded, then:

The issue that comes with checking a hash from a website is that it doesn't determine that the file is safe to download, just that what you have downloaded is the correct file, byte for byte. If the website has been compromised then you could be shown the hash for a different file, which in turn could be malicious.
A checksum simply verifies with a high degree of confidence that there was no corruption causing a copied file to differ from the original (for varying definitions of "high"). In general a checksum provides no guarantee that intentional modifications weren't made, and in many cases it is trivial to change the file while still having the same checksum. Cryptographic hashes provide additional properties over simple checksums (all cryptographic hashes can be used as checksums, but not all checksums are cryptographic hashes).

Cryptographic hashes (that aren't broken or weak) provide collision and preimage resistance. Collision resistance means that it isn't feasible to create two files that have the same hash, and preimage resistance means that it isn't feasible to create a file with the same hash as a specific target file. MD5 and SHA1 are both broken in regard to collisions, but are safe against preimage attacks (due to the birthday paradox collisions are much easier to generate).
SHA is commonly used today, and is safe against both. If you plan to use a hash to verify a file, you must obtain the hash from a separate trusted source. Retrieving the hash from the same site you're downloading the files from doesn't guarantee anything.
If an attacker is able to modify files on that site or intercept and modify your connection, they can simply substitute the files for malicious versions and change the hashes to match.
Using a hash that isn't collision resistant may be problematic if your adversary can modify the legitimate file (for example, contributing a seemingly innocent bug fix).
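The trailing-newline mismatch from the first thread and the file check described in the later answers, as an added Python example that is not part of the original posts. The file name sample.img and the helper names are hypothetical, and the sample file is constructed inline; the published digest is assumed to come from a source you already trust.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_hex(data: bytes) -> str:
    """Hash exactly the bytes given; nothing is appended or stripped."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # binary mode: no newline translation
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published(path: str, published: str) -> bool:
    """Accept a bare hex digest or a 'digest  filename' line; reject malformed input."""
    fields = published.split()
    if not fields:
        return False
    expected = fields[0].lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False  # truncated or malformed digest never counts as a match
    return hmac.compare_digest(sha256_file(path), expected)


def demo() -> dict:
    """Constructed sample: a file holding the bytes that `echo hello` writes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.img")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"hello\n")
        with_newline = sha256_hex(b"hello\n")
        return {
            "no_newline": sha256_hex(b"hello"),
            "with_newline": with_newline,
            "matches_newline_digest": matches_published(path, with_newline + "  sample.img"),
            "matches_bare_digest": matches_published(path, sha256_hex(b"hello")),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A single extra byte of input produces an unrelated digest, so a mismatch says only that the bytes differ, not which side is wrong.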