Why does the SHA256 of Raspbian file image never correspond to the one indicated on the website?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
3
down vote

favorite












Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.



Why is that? Am I calculating in a wrong way?



The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img










share|improve this question





























    up vote
    3
    down vote

    favorite












    Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.



    Why is that? Am I calculating in a wrong way?



    The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img










    share|improve this question

























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.



      Why is that? Am I calculating in a wrong way?



      The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img










      share|improve this question















      Every time I download Raspbian (last time Raspbian Stretch with desktop) I try to verify SHA256. However, every time the result is different from the one on the website, although I am quite sure the download was successful and without manipulation.



      Why is that? Am I calculating in a wrong way?



      The last time I generated the sha256 on OSX with the command shasum -a 256 2018-06-27-raspbian-stretch.img







      raspbian-stretch






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 6 mins ago

























      asked 9 hours ago









      Francesco Boi

      152211




      152211




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          15
          down vote













          The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.






          share|improve this answer




















          • It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
            – Francesco Boi
            7 hours ago










          • You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
            – Jules
            7 hours ago






          • 2




            Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
            – Michael Pittino
            5 hours ago










          • Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
            – Austin Hemmelgarn
            4 hours ago










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "447"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f89154%2fwhy-does-the-sha256-of-raspbian-file-image-never-correspond-to-the-one-indicated%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          15
          down vote













          The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.






          share|improve this answer




















          • It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
            – Francesco Boi
            7 hours ago










          • You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
            – Jules
            7 hours ago






          • 2




            Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
            – Michael Pittino
            5 hours ago










          • Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
            – Austin Hemmelgarn
            4 hours ago














          up vote
          15
          down vote













          The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.






          share|improve this answer




















          • It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
            – Francesco Boi
            7 hours ago










          • You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
            – Jules
            7 hours ago






          • 2




            Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
            – Michael Pittino
            5 hours ago










          • Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
            – Austin Hemmelgarn
            4 hours ago












          up vote
          15
          down vote










          up vote
          15
          down vote









          The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.






          share|improve this answer












          The SHA-256 checksum on the downloads page is for the ZIP file, not the IMG file.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 8 hours ago









          Dirk

          9971414




          9971414











          • It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
            – Francesco Boi
            7 hours ago










          • You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
            – Jules
            7 hours ago






          • 2




            Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
            – Michael Pittino
            5 hours ago










          • Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
            – Austin Hemmelgarn
            4 hours ago
















          • It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
            – Francesco Boi
            7 hours ago










          • You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
            – Jules
            7 hours ago






          • 2




            Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
            – Michael Pittino
            5 hours ago










          • Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
            – Austin Hemmelgarn
            4 hours ago















          It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
          – Francesco Boi
          7 hours ago




          It confused me because it seems OSX extract directly the zip file so I did not get it was downloaded as zip.
          – Francesco Boi
          7 hours ago












          You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
          – Jules
          7 hours ago




          You'll find the .zip file is there in the parent folder of the location the contents were extracted to. This took me a while to get used to, too. :)
          – Jules
          7 hours ago




          2




          2




          Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
          – Michael Pittino
          5 hours ago




          Sidenote: Provided checksums are in general directly for the downloaded file, not for any files inside a downloaded archive/container.
          – Michael Pittino
          5 hours ago












          Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
          – Austin Hemmelgarn
          4 hours ago




          Building on that side note, this is common practice because trying to decompress malicious or corrupted data can result in all kinds of nasty things happening, least of which being that you may silently get the wrong data back from the decompression. Keep in mind that a compressed data stream is functionally equivalent to code that recreates the original data, so similar precautions to untrusted software should be taken for untrusted compressed data streams.
          – Austin Hemmelgarn
          4 hours ago

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f89154%2fwhy-does-the-sha256-of-raspbian-file-image-never-correspond-to-the-one-indicated%23new-answer', 'question_page');

          );

          Post as a guest













































































          Comments

          Popular posts from this blog

          Long meetings (6-7 hours a day): Being “babysat” by supervisor

          What does second last employer means? [closed]

          One-line joke