2

I installed Ubuntu 12.04 a few weeks ago, from a download off of the website. I still have the dvd used. I was talking to my friend today about it and he mentioned something about checking the hash to make sure it was a good copy, as sometimes the file can get corrupted by a third party. My question is, can I check the hash of the dvd or even off of the versio

Bryan
  • 237

3 Answers3

4

No, you should not be worried, and yes, it can be checked. Checking a hash is a universal procedure. While not technically correct, a hash is basically a "one-way encryption" that give a short, usually-unique code to check if the file became garbled. If it installed properly, chances are it's a good file. If you still have the ISO file around, checking the hash is quite easy. Copy it to your home folder and call it ubuntu-hashme.iso. Now, open Terminal, and when you get thee user@computer:~$ prompt, run the following:

md5sum ubuntu-hashme.iso

and it will give a string(it could take some time depending on the speed of your computer). It should correspond to the strings on https://help.ubuntu.com/community/UbuntuHashes/, depending on what file you downloaded. It's most likely:

d791352694374f1c478779f7f4447a3f    ubuntu-12.04-desktop-i386.iso

or

128f0c16f4734c420b0185a492d92e52    ubuntu-12.04-desktop-amd64.iso

but it could be something else on that page.

Jorge Castro
  • 71,754
nanofarad
  • 20,717
  • I no longer have the default iso. I have the dvd with all the information opened up onto the dvd. Am I out of luck? – Bryan Aug 15 '12 at 18:50
  • You're out of luck, but you needn't worry. The system downloaded and installed correctly, and the squashfs file they use to pack all the files onto the CD has its own hashing method. There is practically no chance someone poisoned your download. – nanofarad Aug 15 '12 at 18:51
  • Thank you so much for your time, and the assurance. I was not overly worried, but with all the stuff going on with the editor from Wireds account (not linux, or even similarly, related), I figured I better check it out. – Bryan Aug 15 '12 at 18:54
  • If this answer solved your question, please click the checkmark to the left of it. – nanofarad Aug 15 '12 at 18:55
1

You CAN generate checksums of whole DVDs even if you don't have the image anymore. Figure out the device name of your DVD drive and just run md5sum upon the device.

user83636
  • 41
1

Edit 2020-07-20: I used the cfv progam here which has been removed from the repositories in 20.04. Alternatives are md5sum, hashdeep and rhash.

All Ubuntu ISOs should contain a md5sum.txt file, which contains MD5 hashes of all files on the disk. Some installers even offer to check this file first before installing. There are a lot of tools out there to check/match lists of hashes. I prefer cfv from the cfv package.

cfv -f *.md5

This checks all md5 files in a directory, shows a progress bar and finally statistics (good files, damaged files, etc).

One step further:

find -name *.md5 -print -execdir cfv -f {} \;

This will check all md5 files in a directory and subdirectories.

Note: The hash for the whole ISO at the download page is for checking the download and detect man in the middle attacks, the MD5 hashes on the ISO are for verifying the content once it's burned or transfered another way to a medium.

LiveWireBT
  • 28,763