Why does the SHA256 of Raspbian file image never correspond to the one indicated on the website?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
3
down vote
favorite
Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.
Why is that? Am I calculating in a wrong way?
The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img
raspbian-stretch
add a comment |Â
up vote
3
down vote
favorite
Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.
Why is that? Am I calculating in a wrong way?
The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img
raspbian-stretch
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.
Why is that? Am I calculating in a wrong way?
The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img
raspbian-stretch
Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.
Why is that? Am I calculating in a wrong way?
The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img
raspbian-stretch
raspbian-stretch
edited 6 mins ago
asked 9 hours ago
Francesco Boi
152211
152211
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
15
down vote
The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
15
down vote
The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
add a comment |Â
up vote
15
down vote
The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
add a comment |Â
up vote
15
down vote
up vote
15
down vote
The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.
The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.
answered 8 hours ago
Dirk
9971414
9971414
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
add a comment |Â
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
â Francesco Boi
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
â Jules
7 hours ago
2
2
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
â Michael Pittino
5 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
â Austin Hemmelgarn
4 hours ago
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f89154%2fwhy-does-the-sha256-of-raspbian-file-image-never-correspond-to-the-one-indicated%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password