checksum Installation Guide

Calculate md5, sha1 and sha256 Checksums of ISO Images

md5, sha1, and sha256 are different hashing algorithms. They take data in and gives you a fixed length hash of that data. The hashes are unique for different data sequence. Basically what that means is if you calculate the md5 or sha1 or sha256 hash of the same file, you will always get the same output.

This is used to verify whether a file is damaged/changed while downloading. If the contents of the file are unchanged, then the hash of the file would be the same as the original file. Changing even a single bit of the file would give you a different hash.

Ubuntu/Debian, CentOS and other Linux distributions tells you the md5 or sha1 or sha256 hashes of the original ISO file. So, once you download the ISO file from their official website or some geographically close mirrors, you can check whether the hashes are the same to verify that you got an exact copy of the original ISO file. If the hashes don’t match, then your ISO file is corrupted and you will have to download it again. Corrupted ISO files can cause lots of installation problems.

In this article, I will show you how to calculate md5, sha1, and sha256 hashes of the ISO image of your desired Linux distribution. So, let’s get started.

Finding md5, sha1, and sha256 Hashes of Linux ISO Images:

You can find the md5, sha1, and sha256 hashes in the official website of the Linux distribution that you’re downloading the ISO image from.

As you can see, the md5 and sha1 hashes are given in the downloads page of Arch Linux.

For Ubuntu, you can find the hashes at https://releases.ubuntu.com

Select the version of Ubuntu that you want to download and you should see a directory listing here. Each type of hashes has separate file. For example, the md5 hashes are stored in MD5SUMS file, the sha1 hashes are stored in SHA1SUMS file, and the sha256 hashes are stored in SHA256SUMS file.

If you click on the MD5SUMS file, the md5 hash for Ubuntu desktop and server ISO file should be displayed.

If you click on the SHA1SUMS file, the sha1 hash for Ubuntu desktop and server ISO file should be displayed the same way.

The same goes for sha256 hashes. The file to look at is SHA256SUMS.

Not all Linux distributions will list every type of hashes. Some will just use md5 and sha1 hashes. While others may use md5, sha1, and sha256 hashes.

Just like that, for other Linux distributions, you should find the md5, sha1 or sha256 hashes in their official websites. If you’re having a hard time, then just do a quick search on google. Remember to trust the hashes listed in the official websites only, not on any other random websites.

Now, you know how to find the md5, sha1 and sha256 checksums of the ISO images of your favorite Linux distributions.

Verifying md5, sha1 and sha256 Checksums of ISO Images:

In this section, I will show you how to calculate the md5, sha1, and sha256 hashes of the ISO images.

For example, let’s say you have downloaded the Ubuntu Server 18.04.1 LTS ISO image. Now, you want check whether the ISO image is corrupted or not.

First, navigate to the directory where you downloaded the ISO image as follows:

$ cd ~/Downloads

As you can see, the ISO image of Ubuntu Server 18.04.1 LTS is here.

Now, to calculate the md5 hash of the ISO file, run the following command:

$ md5sum ubuntu-18.04.1-live-server-amd64.iso

As you can see, the hash of the ISO file is printed on the console.

Now, put the original md5 hash and your calculated md5 hash side by side and compare them. As you can see, they are the same in my case.

If you want to calculate the sha1 hash of the ISO file, then run the following command:

$ sha1sum ubuntu-18.04.1-live-server-amd64.iso

As you can see, the sha1 hash is calculated and printed on the console.

As you can see, the hashes again matched with the original one.

The same way, you can calculate the sha256 hash of your ISO image as follows:

$ sha256sum ubuntu-18.04.1-live-server-amd64.iso

As you can see, the sha256 hash is calculated and the hash is printed on the console.

As you can see, the hashes matched again.

You don’t have to check for every type of hash to verify the integrity of your ISO image. Checking only one type is enough.

So, that’s how you calculate the md5, sha1 and sha256 hashes of ISO images of your desired Linux distributions. Thanks for reading this article.

About the author

Shahriar Shovon

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.