What are the differences between "md5sum" and "sha256sum"?


Solution 1

Short answer: For verifying ISOs, there is no practical difference, use whichever you want, as long as you trust the source providing the sums. MD5 is/used to be the standard, but the computing world is moving towards adopting SHA since it is newer and "better" for the future; hence, SHA sums are often provided as an alternative.

  • md5sum and sha256sum are programs which implement the MD5 and SHA-256 hash algorithms respectively
  • In general, a hash algorithm takes an input of any (arbitrary) length and runs mathematical computations on it to produce a relatively small, fixed-length output, called a "hash" (or "sum")
  • Verifying data integrity (e.g. ISOs) is only one of the many uses for hashes
  • The primary difference between the older MD5 and the newer SHA-256 hashes is that MD5 produces a 128-bit output while SHA-256 produces a 256-bit output
  • For verifying data (ISOs) to work, the hash of the data must effectively be unique, so that no other data produces the same MD5 sum or SHA-256 sum.
    • In theory, this is possible, i.e. two sets of input data produce the same output hash, called a "collision".
    • The chance of such collisions is lower with SHA-256 compared to MD5 because its 256-bit hash is double the size of MD5's 128-bit hash.
    • In practice, the chance of a collision when verifying ISOs, even with MD5, is zero given the 100+ MB size of ISOs.
  • Still, since the computing world is moving towards SHA because it is a newer and "better" hash for the future, ISO checksums are often provided in multiple formats.

Solution 2

From How To SHA256 SUM page

The program sha256sum is designed to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits). SHA-256 hashes used properly can confirm both file integrity and authenticity. SHA-256 serves a similar purpose to a prior algorithm recommended by Ubuntu, MD5, but is less vulnerable to attack. In terms of security, cryptographic hashes such as SHA-256 allow for authentication of data obtained from insecure mirrors.

From How to MD5SUM

The program md5sum is designed to verify data integrity using the MD5 (Message-Digest algorithm 5) 128-bit cryptographic hash. MD5 hashes used properly can confirm both file integrity and authenticity. The MD5 hash must be signed or come from a secure source (an HTTPS page) of an organization you trust. While security flaws in the MD5 algorithm have been uncovered, MD5 hashes are still useful when you trust the organization that produces them.

Basically, it is a measure of security concern. If you are using unofficial mirrors for downloading the ISOs, then probably both can be used to ensure the integrity of the file.
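Added example, not part of either answer or of the quoted Ubuntu pages: a Python version of the check that `md5sum -c` and `sha256sum -c` perform, which picks the algorithm from the digest length (32 hex characters for MD5's 128 bits, 64 for SHA-256's 256 bits). The function names and the `sample.iso` file are assumptions made for this example; a match only shows the file agrees with the sums file, so the sums themselves still have to come from a trusted source.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> algorithm: MD5 is 128 bits, SHA-256 is 256 bits.
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}
# Entry format in a sums file: "<hex>  <name>" (text) or "<hex> *<name>" (binary).
LINE_RE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$", re.MULTILINE)


def parse_sums(text):
    """Return {filename: (algorithm, hex_digest)} from checksum-file text."""
    entries = {}
    for m in LINE_RE.finditer(text):
        digest, name = m.group(1).lower(), m.group(2).rstrip("\r")
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None:
            raise ValueError(f"unrecognised digest length for {name!r}")
        entries[name] = (algo, digest)
    return entries


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-GB ISO is never loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, sums_text):
    """True if the file matches its entry; KeyError if it has no entry."""
    algo, expected = parse_sums(sums_text)[Path(path).name]
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Constructed stand-in 'ISO': verify it, change one byte, verify again."""
    with tempfile.TemporaryDirectory() as d:
        iso = Path(d) / "sample.iso"
        iso.write_bytes(b"constructed stand-in for an ISO image\n" * 1000)
        sums = [f"{file_digest(iso, a)}  sample.iso\n" for a in ("md5", "sha256")]
        before = [verify(iso, s) for s in sums]
        iso.write_bytes(b"X" + iso.read_bytes()[1:])  # alter the first byte
        return before, [verify(iso, s) for s in sums]
```

Calling `demo()` checks the same file against an MD5 entry and a SHA-256 entry before and after the one-byte change.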


Author: mx7


Updated on September 18, 2022

Comments

  • mx7 almost 2 years

    Why do we need two tools for verifying an ISO? Are there any specific things to consider between them?

  • chazomaticus almost 12 years
    For the record, it's somewhat misleading to say SHA is just "newer and 'better'". MD5 is considered utterly cryptographically insecure due to how easy it is to produce collisions (which also makes it arguably less useful for verifying ISOs). MD5 should no longer be used, period, for anything. The Wikipedia page has a good summary of what's wrong with MD5 right now, in practice.