Why You Should Verify ISO Files

Most of the time, you can just download an ISO and install a Linux distribution. Occasionally, though, the ISO file might become corrupted on the server side, resulting in errors when you try to install. Why would this happen?

The file on the remote server or torrent might get corrupted somehow. A man-in-the-middle attack might even have replaced the ISO with a fake version that will compromise your computer when you install it, and you wouldn’t know until it was too late.

For these reasons, Linux distro makers and other open-source projects publish a checksum in a text file that you can use to verify the integrity of your downloads and make sure they’re exactly what you want. Other times, they’ll just display the checksums on their website next to the downloads.

Displaying the Checksum for a File

To display the checksum of your downloaded file, use the appropriate command depending on the checksum the developers used on their website. The two major checksum formats used are MD5 and SHA256.

To calculate an MD5 checksum on a downloaded ISO file, use the md5sum command with the -b option, followed by the name of the file.

For a SHA256 checksum, use sha256sum instead with the same -b option. By themselves, these commands display a checksum, which you can then compare against the checksum on the distro’s website.

Comparing Checksums

Once you’ve displayed the checksum of the ISO file, compare it to the one you received from the distro’s website by just looking at the two numbers.

Look at them closely to make sure they match exactly. If they don’t, something’s wrong with the file, or the site you downloaded it from, or both. If you have any doubt, don’t use that ISO. Better safe than sorry.
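Comparing two 64-character hashes by eye is easy to get wrong. The shell function below is an added example, not part of the original article, that does the comparison for you. It assumes the distro publishes a checksum list in the format sha256sum writes (one hash and file name per line, names without spaces); the name verify_iso and the file names are illustrative.

```shell
#!/bin/sh
# Usage: verify_iso distro.iso SHA256SUMS
# Added example: compares the SHA256 of an ISO against its entry in a
# checksum list laid out as "<hash>  <name>" or "<hash> *<name>".
# verify_iso and the file names are illustrative, not a distro's tool.
# Returns 0 = match, 1 = mismatch, 2 = cannot check (missing file or entry).
verify_iso() {
    iso=$1
    sums=$2
    [ -r "$iso" ] && [ -r "$sums" ] || { echo "cannot read input" >&2; return 2; }
    name=$(basename "$iso")

    # Look up the published hash by exact file name; a leading '*'
    # (binary-mode marker) in front of the name is accepted.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        # A missing entry is not a pass: nothing was verified.
        echo "no entry for $name in $sums" >&2
        return 2
    fi

    # Hash the download in binary mode and keep only the hex digest.
    actual=$(sha256sum -b "$iso" | awk '{ print tolower($1) }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

A return code of 2 means nothing was verified, so treat it the same as a mismatch and don’t use the ISO.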

Now You Know Your Downloads Are Safe

Now that you know your ISOs are what you wanted, what do you do with them? You could burn them to media storage devices like DVDs or CD-Rs, but you can also extract them to your Linux machine and display their content.