How to Verify a Downloaded File Has Not Been Tampered With

via Dev.to, by Michael Lip

You download a Linux ISO from what appears to be an official mirror. The file is 4.7 GB. How do you know that every single byte is exactly what the developers intended? How do you know nobody injected malware into the mirror, swapped a dependency in transit, or that your download did not silently corrupt at byte 3,200,417?

The answer is file hashing, and it is one of those fundamental security practices that every developer should understand and routinely use.

What a hash function does

A cryptographic hash function takes an input of any size and produces a fixed-size output, called a digest or checksum. SHA-256, for example, always produces a 64-character hexadecimal string regardless of whether the input is a 1-byte text file or a 50 GB database backup.

Key properties:

Deterministic: The same input always produces the same hash.

Avalanche effect: Changing a single bit in the input produces a completely different hash. There is no way to predict how the output changes from looking at
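
An added example, not part of the original article: a streaming SHA-256 check of a downloaded file against a published checksum list in `sha256sum` output format, followed by the same check after one bit of the file is flipped. The file name `example.iso`, its contents and the `demo` helper are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a multi-GB ISO never sits in memory


def sha256_file(path):
    """Stream the file through SHA-256 and return the 64-character hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse lines of the form '<hex digest>  <filename>' (sha256sum output style)."""
    expected = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            expected[parts[1].lstrip("*").strip()] = parts[0].lower()
    return expected


def verify(path, checksum_text):
    """Return True only if the file's digest matches its published entry."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False  # no published digest for this file: treat as unverified
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Constructed sample: a small stand-in 'ISO', then the same file with one bit flipped."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.iso")
        data = bytearray(b"constructed sample image contents\n" * 1000)
        with open(path, "wb") as f:
            f.write(data)
        published = f"{sha256_file(path)}  example.iso\n"  # stands in for the vendor's list
        ok_before = verify(path, published)
        data[417] ^= 0x01  # flip a single bit, as silent corruption or tampering would
        with open(path, "wb") as f:
            f.write(data)
        return ok_before, verify(path, published)
```

A matching digest only shows that the file matches the checksum list, so the list itself has to come from a source you trust, such as the project's own HTTPS site or a signed checksum file, rather than from the same mirror as the download.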
