Uniquely identify a debian package
I see three checksums in a .deb package:
- md5sum
- sha1
- sha256
Why do we need 3 checksums? Can we use any one of these to uniquely identify a Debian package?
package-management debian md5sum checksums sha256
edited Aug 12 at 21:46
Eliah Kagan
asked Aug 12 at 20:55
alok aggarwal
What is a checksum - Checksums are used to verify the integrity of a copied or downloaded file. In that way they are used to uniquely identify a file - any changes made to the file would result in an entirely different checksum. There are multiple ways to calculate a checksum - "Why?" is a question outside of the scope and purpose of this forum.
– Nmath
Aug 12 at 21:12
@Nmath "Why?" questions are fine, provided they can be usefully answered. This could be answered with historical information or by saying how each hash is currently used. (We have many well-received "Why?" questions, like Why is there a /bin/echo and why would I want to use it?, Why is defragmentation unnecessary?, Why is it called sudo?, Why is Wayland better?, Why do shells call fork()?)
– Eliah Kagan
Aug 12 at 21:44
2 Answers
Yes, you can use any one of those sums to identify a package.
Back in the early days of Debian, before apt, before Ubuntu, back when dpkg roamed the Earth freely as the apex package manager, Debian users manually downloaded packages and then manually ran md5sum to verify a non-corrupt download. md5sum went out of style about 20 years ago, as early iterations of apt began to automatically verify downloads as part of the new repository system.
Debian shifted from md5sum to more-secure sha1 and later to much-more-secure sha256 as the project's security gurus determined that greater and greater computing power over the decades made their packages vulnerable to sophisticated attacks.
However, many legacy packaging methods (like debhelper) and infrastructure (like alioth) threw errors if the older hashes were not also generated. Cleaning out legacy infrastructure is a complex problem. It's not the code; it's the people who have set up workflows that rely upon their favorite tools, and don't really want to change. They are volunteers, so compelling change is rarely a realistic option. So infrastructure cleanup is slow. However, note that this community's willingness to openly discuss change, and to accept that change might be slow, is arguably one of Debian's great strengths.
Someday md5 and sha1 will be gone. But Debian isn't quite there yet.
edited Aug 13 at 18:26
answered Aug 13 at 3:18
user535733
In addition, md5, sha256 and sha1 together are a lot better than one of them. A collision in one of them will probably not be a collision in any of the others. Using different hashing algorithms has a trivial overhead, but some benefits in terms of difficulty to attack.
– vidarlo
Aug 13 at 4:50
This does not really answer the question but some additional context may nonetheless be appreciated, since "identify a package" may mean so many different things. The hash sums tell you that the package's content matches with the description (.dsc) file. And yes, any of these hashes will tell you if that content was changed.
What it does not tell you is if the content is still the same since the package has left the developer. Everyone could just come up with a package and generate a new .dsc file - with matching but different hashes. You want to check the package's signature to ensure that the package is what it should be, matching hashes or not.
You can also sign packages yourself and trust your own signature. This way you can modify packages. The .changes file links the binaries to a source tree. This may then help to "identify" the functionally equivalent packages across different hardware platforms for which you (or the distribution's build daemons) rebuilt them. But across platforms, the binaries will have different hashes.
For most package managing use cases, knowledge of the package name+version plus signature is sufficient. This also gives you a "newer than" half-order, which hashes cannot provide.
answered Aug 13 at 15:30
smoe
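The .dsc checksum fields the answer above describes, together with the point made in the comment on the first answer that all three sums are checked independently, as an added example that is not from the thread or from Debian's own tooling: it parses the Files, Checksums-Sha1 and Checksums-Sha256 stanzas and recomputes each digest. The sample .dsc text, the file contents and the make_dsc helper are constructed for the example; a clean result only proves the files match that particular .dsc, so the signature check the answer calls for is still a separate step.

```python
"""Parse and re-verify the Files / Checksums-Sha1 / Checksums-Sha256 fields of a
Debian .dsc (or .changes) file. Added example; all sample data is constructed."""
import hashlib
import hmac
from typing import Dict, List, Tuple

# .dsc field name -> hashlib algorithm. The legacy Files: field carries md5 sums.
FIELD_ALGOS = {"Files": "md5", "Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256"}
ALGO_FIELDS = {algo: field for field, algo in FIELD_ALGOS.items()}

# Constructed stand-ins for the files a .dsc lists (not real tarballs).
SAMPLE_FILES: Dict[str, bytes] = {
    "hello_1.0.orig.tar.gz": b"not really a tarball, just constructed bytes\n",
    "hello_1.0-1.debian.tar.xz": b"debian/ directory stand-in for the example\n",
}


def make_dsc(files: Dict[str, bytes], algos=("md5", "sha1", "sha256")) -> str:
    """Build the checksum part of a .dsc for `files` (hypothetical helper: it
    writes only the fields this example parses, not a complete .dsc)."""
    out = ["Format: 3.0 (quilt)", "Source: hello", "Version: 1.0-1"]
    for algo in algos:
        out.append(f"{ALGO_FIELDS[algo]}:")
        for name, data in files.items():
            # One continuation line per file: " <digest> <size> <filename>"
            out.append(f" {hashlib.new(algo, data).hexdigest()} {len(data)} {name}")
    return "\n".join(out) + "\n"


SAMPLE_DSC = make_dsc(SAMPLE_FILES)


def parse_checksum_fields(dsc_text: str) -> Dict[str, Dict[str, Tuple[str, int]]]:
    """Return {algo: {filename: (hexdigest, size)}} for every checksum field present."""
    result: Dict[str, Dict[str, Tuple[str, int]]] = {}
    current = None
    for line in dsc_text.splitlines():
        if not line.startswith(" "):          # a new field starts; any stanza ends
            current = None
            name, sep, _ = line.partition(":")
            if sep and name in FIELD_ALGOS:
                current = FIELD_ALGOS[name]
                result[current] = {}
            continue
        if current is None:                   # continuation line of a field we ignore
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, size, filename = parts
        result[current][filename] = (digest.lower(), int(size))
    return result


def verify(dsc_text: str, files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Recompute every listed digest; return {algo: [problems]}, {} when all agree.

    A clean result only proves the files match *this* .dsc: whoever wrote the
    .dsc could have hashed anything, so origin still needs the signature check,
    which is outside this example."""
    expected = parse_checksum_fields(dsc_text)
    problems: Dict[str, List[str]] = {}
    if "sha256" not in expected:             # md5/sha1-only metadata is not enough today
        problems["sha256"] = ["Checksums-Sha256 field absent"]
    for algo, entries in expected.items():
        for filename, (digest, size) in entries.items():
            data = files.get(filename)
            if data is None:
                problems.setdefault(algo, []).append(f"{filename}: file missing")
                continue
            if len(data) != size:
                problems.setdefault(algo, []).append(f"{filename}: size {len(data)} != {size}")
            actual = hashlib.new(algo, data).hexdigest()
            if not hmac.compare_digest(actual, digest):
                problems.setdefault(algo, []).append(f"{filename}: {algo} mismatch")
    return problems


if __name__ == "__main__":
    print("pristine:", verify(SAMPLE_DSC, SAMPLE_FILES) or "all three fields agree")
    tampered = dict(SAMPLE_FILES)
    tampered["hello_1.0.orig.tar.gz"] = b"X" + SAMPLE_FILES["hello_1.0.orig.tar.gz"][1:]
    print("tampered:", verify(SAMPLE_DSC, tampered))
    # A regenerated .dsc for the tampered files verifies just as cleanly.
    print("re-hashed .dsc:", verify(make_dsc(tampered), tampered) or "clean")
```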