Sha256sum of 2022.05 = sha256sum of 2021.05 = false

dave_WOODS · August 6, 2022, 8:15pm

we want : a7c0afe862f6ea19a596801fc138bde0463abcbce1b753e8d5c474b506a2db2d

we get:

SHA256SUM on website doesn't match after download, but MD5 sum does

opened 03:39PM - 20 Oct 21 UTC

### Actual Behavior I'm trying to download and install Anaconda for Linux… and discovered that the SHA256 sum listed on the hashes page below doesn't match after download: https://docs.anaconda.com/anaconda/install/hashes/Anaconda3-2021.05-Linux-x86_64.sh-hash/ Anaconda.com lists sha256 sum as: 2751ab3d678ff0277ae80f9e8a74f218cfc70fe9a9cdc7bb1c137d7e47e33d53 When I download and run sha256sum I get: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 The MD5 sum does match however... In order for it to match I have to add a "-b" to run it in binary mode, this is incorrect as the instructions require the non-binary sha256sum. ### Expected Behavior I should be able to run the non-binary sha256sum instruction and the hash match what is listed online to verify download integrity. ### Steps to Reproduce Download the "Anaconda3-2021.05-Linux-x86_64.sh" and run "sha256sum" and see that the hash doesn't match. sha256sum ~/Downloads/Anaconda3-2021.05-Linux-x86_64.sh e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /home/adam/Downloads/Anaconda3-2021.05-Linux-x86_64.sh sha256sum -b ~/Downloads/Anaconda3-2021.05-Linux-x86_64.sh 2751ab3d678ff0277ae80f9e8a74f218cfc70fe9a9cdc7bb1c137d7e47e33d53 */home/adam/Downloads/Anaconda3-2021.05-Linux-x86_64.sh ##### Anaconda or Miniconda version: Anaconda3-2021.05-Linux-x86_64.sh ##### Operating System: Ubuntu 20.04.3 LTS

ktsh.tanaka.2020 · August 7, 2022, 11:05am

dear dave_WOODS.

Thank you for posting.

We are currently starting to evaluate the results of sha256sum.
There are two types of sha256sum: Python code and Linux core tool code.
To isolate the problem, I’m doing the verification in Python code. This is because Anaconda’s basic commands are written using Python code.

If it is a download from a disguised site, we think that we are in a very dangerous situation.

Thank you for your continued support.

ktsh.tanaka.2020

dave_WOODS · August 10, 2022, 10:41am

Hi,

Update Update,
I have re-downloaded the file, I have been able to obtain an expected sha256sum the standard way (linux-core non-binary).

I apologise yet something remains to reveal,
my alert was most likely caused by interrupted downloads,
the question remains.

THIS IS NOT, SPEAKING FOR THE IDENTICAL PROBLEM RAISED AT THE LINK POSTED EARLIER.

wait… this does remain to be solved: half / broken downloads should give different sha256sum anyway, to the next: here we have a sha256sum for different broken downloads giving identical results from a version to the next on different locations of the world.

Generally speaking, I support your view of permanent sha256sum tracking from positions around the world: this WOULD be a very dangerous situation.

Have a lovely day,
Dave.