14 June 2019

Do you check the checksum's of downloaded files?

It's usually unnecessary, but always recommended. Let's say you download CloneZilla and they've provided their file for download from a website like SourceForge. There's always a slight chance that some hacker/attacker could've altered the file, added some malware to it and replaced the file on SourceForge.

But you can check whether it's the original file that CloneZilla had uploaded to SourceForge, using the checksum.

I had downloaded clonezilla-live-20190420-disco-amd64.iso which had the MD5 checksum: 981841de868ccc0c927dea9ace9460fa as shown on the CloneZilla website.

Now to verify the file I just opened up a terminal and typed
md5sum clonezilla-live-20190420-disco-amd64.iso.

The output was:
981841de868ccc0c927dea9ace9460fa  clonezilla-live-20190420-disco-amd64.iso

A perfect match! It's that simple.

No comments: