Fedora-12-Alpha-x86_64-DVD.iso images were downloaded one with torrent and another with ftp. The sha1sum of these two images match each other but do not match the the one given in the Fedora-12-Alpha-x86_64-CHECKSUM file.

sha1sum given in Fedora-12-Alpha-x86_64-CHECKSUM file:
622862ad177cc115884a222b91ff21971527d3927865cd2101 db2ff02f661974 *Fedora-12-Alpha-x86_64-DVD.iso

sha1sum of downloaded images:
torrent: aae616a7715c883f49cc641024b4f7f9f3474b5d /home/TEST/f-12/Fedora-12-Alpha-x86_64-DVD.iso
ftp: aae616a7715c883f49cc641024b4f7f9f3474b5d /home/U1/Download/Fedora-12-Alpha-x86_64-DVD.iso

Is it there an error somewhere?

Regards

I think you should use "sha256sum" instead of "sha1sum".

It was like that with Fedora 11 - I haven't looked at F12 yet.

sha1sum given in Fedora-12-Alpha-x86_64-CHECKSUM file:
622862ad177cc115884a222b91ff21971527d3927865cd2101 db2ff02f661974 *Fedora-12-Alpha-x86_64-DVD.isoHello n926bb and adrianx,

Yeah, that hash is too long to be an SHA-1 hash. It's an SHA-256 hash. Here are some SHA-1 hashes from Fedora 9 for comparison to Fedora 12's SHA-256 hashes...50253a35b5ba128c9a57b2a10cbd829813fc5119 Fedora-9-i386-DVD.iso
af25833a3babe1bd943dae16a1c17cf7a9e0b767 Fedora-9-i386-disc1.iso
d4ffbe83cd75bf0153e821af98b7e56f5b4f6c32 Fedora-9-i386-disc2.iso
579702ea19a5e4114186a665735823dd4b5269b6 Fedora-9-i386-disc3.iso
368e98bf95708d040f83be975c0ede372f32d44b Fedora-9-i386-disc4.iso
67426850ce065a048d0a04eecb003b383b6f5830 Fedora-9-i386-disc5.iso
c01ccd2d3811ab1f04cacba63e51690b34629f95 Fedora-9-i386-disc6.iso
3b1df20ece05d64c34dd9c64400975b74eded0f2 Fedora-9-i386-netinst.iso

219778f65cb1f897f992d87715cbe83f17255fa184ef6e1571 584b9bb9160521 *Fedora-12-Alpha-i386-DVD.iso
bf503aa939dd2ef763676301ab1d844ef0c1c402a7ad1edd3a 01645b6943f6ad *Fedora-12-Alpha-i386-disc1.iso
b572091f5a0006a128526a989de09be6aed9ffe0e82a2a3de6 28202c7fc1decd *Fedora-12-Alpha-i386-disc2.iso
e06db217fa34dfd4fed92eb2352801f2c566c266115936904b 7abc457edceb4f *Fedora-12-Alpha-i386-disc3.iso
2bd449c9070d759c506d2402c7344f5be3fb698b60001805c0 4a746b18172d48 *Fedora-12-Alpha-i386-disc4.iso
d85961720a010bf6b4295b259c18133e4297c7f0bedc9c76d6 7b62b11c5273d5 *Fedora-12-Alpha-i386-disc5.iso
06d33ed79091a19e1504233c79888966c569b8677d22d174ab 5c403681090899 *Fedora-12-Alpha-i386-netinst.isoThe problem is that the Fedora-12-Alpha-i386-CHECKSUM file still has "Hash: SHA1" at the top of the page. It's a mistake that was acknowledged by Rahul back in April (http://forums.fedoraforum.org/showthread.php?t=219022) in the beta version of Fedora 11. It was supposed to have been fixed but it didn't happen yet. Run sha256sum on your downloaded file.

This article on "Verifying Fedora media SHA1SUM (http://fedorasolved.org/Members/opsec/verifying-fedora-media)" is for an older version of Fedora, not sure if it still holds true

http://fedorasolved.org/Members/opsec/verifying-fedora-media

Somewhere, Rahul has put that info in. The latest install notes or release notes---yes, as everyone pointed out, one now uses sha256, the sha1 is just for the signatures or something like that. :)


@stoat, I thought they clarified that on the pages, no? (goes to look) Naw, it's a bit confusing, definitely.

sha1 was Vulnerable so they changed it to sha256

Somewhere, Rahul has put that info in. The latest install notes or release notes---yes, as everyone pointed out, one now uses sha256, the sha1 is just for the signatures or something like that. :)
@stoat, I thought they clarified that on the pages, no? (goes to look) Naw, it's a bit confusing, definitely.
It got me.

Personally when they changed the hash algorithm they should've changed blah-CHECKSUM to reflect the hash is SHA-256 , leaving it as SHA1 is just confusing for everybody.

Somewhere, Rahul has put that info in. The latest install notes or release notes---yes, as everyone pointed out, one now uses sha256, the sha1 is just for the signatures or something like that.
How can one check the sha256 checksum ?

How can one check the sha256 checksum ?Hello zmdmw52,

If by that you're asking how to generate an SHA-256 hash on a downloaded ISO file, then in Linux it's done with the sha256sum command using the same syntax that you used for sha1sum. In Windows, download and install the free utility HashCalc.

Somewhere, Rahul has put that info in. The latest install notes or release notes---yes, as everyone pointed out, one now uses sha256, the sha1 is just for the signatures or something like that. :)
I found some instructions on verifying image integrity at these places:

http://fedoraproject.org/wiki/Fedora_12_Alpha_release_notes#Debugging_Informatio n_And_Performance

https://fedoraproject.org/en/verify

From the first link, it appears that SHA256 was implemented from Fedora 11 onwards, prior to that it was SHA1.