Before you even get to the point of burning a CD-ROM, it's a good idea to check whether or not the complete file downloaded properly. This policy is especially a must when it comes to large files such as ISOs for a Linux distribution. In cases like this, many FTP and web sites offer what's called a file containing what's called an MD5 checksum.

A checksum is simply the number of bits that this file is supposed to contain, but just used by itself provides no extra assurance that a file hasn't been tampered with, since anyone could just change the value stored in the checksum file. Combining MD5 with the checksum issue does add a level of security. An MD5 checksum is a 128-bit set of characters that are produced using the file's original contents, and can be reproduced just as any fingerprint can be taken twice.

So between being worried that a file hasn't fully arrived, and wanting to be sure that the file you got, say, off a mirror or a third-party site hasn't been tampered with, you can get the original MD5 checksum value from the file's main provider. Your MD5 checksum checker will then calculate the checksum that should be assigned to the file you downloaded, and compare it to the file you grabbed that contains what the MD5 checksum should be.

If they don't match, then something's wrong.

You don't need a fancy tool to check an MD5 checksum. You don't need to download anything, either. The program md5sum comes with most mainstream Linux distributions, and if it's not installed by default it's probably on your distro's CD-ROMs somewhere. First download the file itself, and then edit the corresponding file containing the MD5 checksum, or copy and paste the MD5 checksum from the web site into a file. After the MD5 checksum in the file, put the name of the file you want to check, and the path if it's not in the same directory as the MD5 checksum file.

You then use this program in the format:

md5sum --check MD5checksumfilename

The md5sum program runs a MD5 checksum on the file specified with MD5checksumfilename, and then compares its answer to the MD5 checksum in the file.

For example, I might download nethack-3.4.0-1.i386.rpm. On the site where I download this, there's a list of MD5 checksums for all of the different versions of this file, including:

20cc27bee69ba82adbd60df04efb9a7a  ./binaries/linux/nethack-3.4.0-1.i386.rpm

The left portion is the MD5 checksum, and the right portion is where this file is on their particular site. However, when I download this file, I save it just in my home directory. So I make a text file in the same directory containing only the following:

20cc27bee69ba82adbd60df04efb9a7a  nethack-3.4.0-1.i386.rpm

After I save the text file as nethacksum, I type :

md5sum --check nethacksum

The result is just what I was hoping for:

nethack-3.4.0-1.i386.rpm: OK

Next: The Burning Software »