Checksums for File Integrity

Discussions focus on the use and limitations of checksums and hashes to verify file integrity during downloads, including concerns about compromised checksums and the need for cryptographic signatures.

📉 Falling 0.5x Security

3,140

Comments

Years Active

Top Authors

#324

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

2012

2013

144

2014

160

2015

200

2016

262

2017

239

2018

149

2019

166

2020

224

2021

249

2022

292

2023

271

2024

258

2025

243

2026

Top Contributors

sneak (11) Retr0id (10) icebraining (10) sp332 (10) amluto (9)

Keywords

TFA MB AI JS CRC OS MD SHA URL UDP checksum hash file sha hashes md5 files crate cryptographic verify

Sample Comments

DJBunnies • Feb 2, 2025 • View on HN

If only we had checksums or file hash integrity.

stabbles • Apr 20, 2021 • View on HN

Will they add checksums to verify the checksums?

UVB-76 • Sep 15, 2014 • View on HN

Surely this isn't a problem with checksums/hashes to verify the integrity of the files?

yomly • Jun 7, 2016 • View on HN

Doesn't a checksum verify that the file you have is the same one the distributor intends you to have?

mfer • Feb 25, 2020 • View on HN

They have checksum hashes but not crypto verifiable signatures.

closeparen • May 7, 2017 • View on HN

Were the posted checksums also replaced?

Foxboron • Jun 4, 2014 • View on HN

Couldnt this be countered by writing your own script checking the hash of the files X times a day?

jrsims • Jul 27, 2008 • View on HN

But they're adding checksums right? Anyone see any holes in that?

khedoros1 • Mar 30, 2017 • View on HN

If the binary you're downloading might have been modified, how do you know that the hash you're checking against hasn't been as well?

jhasse • Apr 27, 2019 • View on HN

You're right, I confused checksum with hash.