Verifying the Downloaded Operating System

Ok, so now you have your Raspbian image. For the sake of completeness lets verify the download (you can skip this if you can’t be bothered). Verifying the download is important for two reasons. Firstly, it makes sure the file didn’t get corrupted whilst it was downloaded. If the file got corrupted and you tried to install without knowing, at some point you would get very strange problems that might be difficult to track down. Secondly, for the security conscious amongst you, verifying the file makes sure that no malicious person has cunningly replaced the Raspbian Image with their own version whilst the file was downloading.

To verify the file, you create a checksum and compare it to the checksum of the original file posted online. A checksum works by treating the data as numbers and adding them together to get a large number. This number is generated in such a way that it is practically impossible to change the original file without also changing the checksum. The checksums used by raspberrypi.org have the funky title SHA1, and unsurprisingly, the program you use to create and check the checksum is called sha1sum.

So here we go…

Phew. No one has tried to infiltrate my home network by tampering with the Raspian Image. Hang on, though. If someone was sophisticated enough to modify the file I was downloading, perhaps they could alter the webpage that has the checksum on it and alter that too…

Series Navigation<< Getting the Operating SystemDisks and Partitions >>

One Reply to “Verifying the Downloaded Operating System”

  1. Usually don’t bother to check md5sum but decided I should as I had to pause the torrent several times. AOK. Ready for next step but I need an 8GB SD card. Could I just as easily use a microSD card in an SD adapter?

Leave a Reply

Your email address will not be published. Required fields are marked *