#DOWNLOAD WINDOWS 10 ISO FILE CHECKSUM ISO#
The process of checking an ISO is a bit complex, so before we get into the exact steps, let’s explain exactly what the process entails:
These may be two separate TXT files, or you may get a single TXT file containing both pieces of data.
This confirms the ISO file hasn’t been tampered with or corrupted.
The process may differ a bit for different ISOs, but it usually follows that general pattern. For example, there are several different types of checksums. Traditionally, MD5 sums have been the most popular. However, SHA-256 sums are now more frequently used by modern Linux distributions, as SHA-256 is more resistant to theoretical attacks. We’ll primarily discuss SHA-256 sums here, although a similar process will work for MD5 sums. Some Linux distros may also provide SHA-1 sums, although these are even less common.
Similarly, some distros don’t sign their checksums with PGP. You’ll only need to perform steps 1, 2, and 5, but the process is much more vulnerable. After all, if the attacker can replace the ISO file for download, they can also replace the checksum.
Using PGP is much more secure, but not foolproof. The attacker could still replace that public key with their own; they could still trick you into thinking the ISO is legit.