Hash doesn´t match MD5, Sha-1, -256, -512 neon 20191107-1116
Page 1 of 1 (14 posts)
Tags:
None
Registered Member 
|
I m using Checksum utillity 2.1
Results: neon-user-20191107-1116.iso.sig MD5 Checksum: 5802A65DDDCBA956D268D1C7D10D142E SHA-1 Checksum: BE4400799D11B354A5BDDE5D6F577D3F93F32CCE SHA-256 Checksum: 728061FB75360B726C5FEDA1EF12E08A0D074B30A35D4B3DE86E673205FB9843 SHA-512 Checksum: ECFE3DA43840AFDF74D48148A82D28D6B10D2C5B0506D426D7758C6DF7FDB479B28F82ED51204001F779FCEB9ED2986DA8541562D634DC2CF34CC40FD7E6F120 Generated by MD5 & SHA Checksum Utility @ http://raylin.wordpress.com/downloads/m ... um-utility and, neon-user-20191107-1116.iso MD5 Checksum: A48D667FDE9B6D131D4C1C9B65D8728E SHA-1 Checksum: D6AC9F989D40325C3CD908F577CD295E016403EC SHA-256 Checksum: EF3B725B0C3E7F2FA69BE28CE030870E8C063399B98BA3879541B95D4000E11D SHA-512 Checksum: 67AFC6284D5A787C4DF975CD7D466DF53AE08FF5A4D6EBD65A7AD52304AD5DF0D57D731EFD02E60C4C17A72DE609A7588AC13DDD49F85E2E8296279A7F1CA5B6 Generated by MD5 & SHA Checksum Utility @ http://raylin.wordpress.com/downloads/m ... um-utility Can anyone explain this? Thanks |
Registered Member
|
What operating system are you using?
If you already have Neon installed you will find a checksum utility already built into "properties". neon-user-20191107-1116.iso.sig https://files.kde.org/neon/images/user/ ... mirrorlist neon-user-20191107-1116.iso https://files.kde.org/neon/images/user/ ... mirrorlist
Acer Aspire TC-120 Desktop. 8GB RAM.
|
|
Registered Member
|
Thanks for your answer. I downloaded Kde Neon in windows 10, to make a bootable USB to install KDE neon on another hard drive. I downloaded the image from the official website of Kde Neon. And I also downloaded the PGP signature for verification that the same official website of kde neon offers. When I used the Checksum utility, I got the data I showed in the first post, and obviously didn´t match. https://neon.kde.org/download I am comparing the hash checksum of iso.sig with those of iso. Is it correct, or am I making a mistake? |
|
Registered Member
|
The hash of each should be different. Your hash of iso is correct, but the hash of iso.sig is incorrect. iso.sig SHA-256 Hash: 3ff29d3b4fd35b5909ff92b85f93e891962e0c3c53796b96230558958094ada8 SHA-1 Hash: ded6b68c5d15f065268ac5f7d3788f1f908174d4 MD5 Hash: 0b396bb579174a2494cdade9d8446abe
Acer Aspire TC-120 Desktop. 8GB RAM.
|
|
Registered Member
|
thanks again. So, .iso hashs are not comparable to iso.sig hashs ... ok, I didn't know this. Now, you say that the hashes of iso.sig that I have obtained using checksum utility, from the iso.sig of the official website of kde neon are incorrect, how do you understand if I have obtained them from the official website? |
|
Registered Member
|
I have just downloaded the iso.sig file and the hash I got is the same as my earlier post and matches the results in the link that I posted.
You should be getting the same result ?  You will need PGP sofware to use the PGP sig file. You don't have to use the PGP file, it is just another way of checking the iso for security reasons.
Last edited by xanadux on Tue Nov 12, 2019 12:40 am, edited 1 time in total.
Acer Aspire TC-120 Desktop. 8GB RAM.
|
|
Registered Member
|
I downloaded the file iso.sig from web kde neon, and I used this file in the MD5 & SHA Checksum Utility 2.1. This checksum utility gave me those data of hash i posted in first post. Maybe this checksum utility 2.1 is not prepare for files iso.sig. I dont know. Tomorrow i will check again all. When i have the data i will send you the results. Thanks again. |
Registered Member
|
You don't find hashes for the .iso.sig files, these files contain the hashes for the .iso files. You first get the hashes for the .iso file, then you compare them with the expected hashes in the .iso.sig file (which are used for this verification). If the hashes match, then your .iso download is good.
Currently running KDE Neon 5.22.5 and 5.19.4 (with Windows 10 in a VM); migrated from Linux Mint 17.3
|
|
Registered Member
|
The hashes for the .iso.sig files are available if you want them. Link: https://files.kde.org/neon/images/user/ ... mirrorlist
Acer Aspire TC-120 Desktop. 8GB RAM.
|
|
Registered Member
|
Now, the MD5 & SHA Checksum Utility using the PGP sig file of Kde Neon web, gave me the same results you posted. Something changed. |
|
Registered Member
|
It seems that you have another idea regarding the iso.sig: this is what I thought at the beginning, but now the values do not matter to those published by Xanadux. That is, the values of the Checksum that are obtained with the iso.sig do not match the values of iso. But they do match the values that Xanadux provides. What I still don't understand is what the iso.sig values are for. |
|
Registered Member
|
The iso.sig values are a way to see if the iso.sig file itself has become broken or changed in someway during transfer across the Internet. Once you are happy that it is undamaged, then you can use it with your PGP software and it will decrypt the information inside the file to verify if the operating system iso is genuine. If you don't have PGP encryption software or don't know how to use it, just verify the OS iso with these hash values below:
https://files.kde.org/neon/images/user/ ... mirrorlist https://www.howtogeek.com/246332/how-to ... ered-with/ https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Acer Aspire TC-120 Desktop. 8GB RAM.
|
|
Registered Member
|
So, in conclusion: 1. The checksum of iso and iso.sig files are not equal. 2. To know the checksum the iso.sig I must have a program that analyzes encrypted files. Thank you for your effort and time to explain the issue. With more time I will study in more detail the last two links you put. |
|
Registered Member
|
Correct. If you decide to use PGP software you will also need the "Public Key" which is also available on the download page. 
Acer Aspire TC-120 Desktop. 8GB RAM.
|
Page 1 of 1 (14 posts)
Bookmarks
Who is online
Registered users: Bing [Bot], Google [Bot], Sogou [Bot], Yahoo [Bot]
