sha256sum和 md5sum 命令之间的区别

Short answer: For verifying ISOs, there is no practical difference, use whichever you want, as long as you trust the source providing the sums. MD5 is/used to be the standard, but the computing world is moving towards adopting SHA since it is newer and "better" for the future; hence, SHA sums are often provided as an alternative.

• md5sum and sha256sum are programs which implement the MD5 and SHA-256 hash algorithms respectively
• In general, a hash algorithm takes an input of any (arbitrary) length and runs mathematical computations on it to produce a relatively small, fixed-length output, called a "hash" (or "sum")
• Verifying data integrity (e.g. ISOs) is only one of the many uses for hashes
• The primary difference between the older MD5 and the newer SHA-256 hashes is that MD5 produces a 128-bit output while SHA-256 produces a 256-bit output
• For verifying data (ISOs) to work, the hash of the data must effectively be unique, so that no other data produces the same MD5 sum or SHA-256 sum.
  • In theory, this is possible, i.e. two sets of input data produce the same output hash, called a "collision".
  • The chance of such collisions is lower with SHA-256 compared to MD5 because its 256-bit hash is double the size of MD5's 128-bit hash.
  • In practice, the chance of a collision when verifying ISOs, even with MD5 is zero given the 100+ MB size of ISOs.
• Still, since the computing world is moving towards SHA because it is a newer and "better" hash for the future, ISO checksums are often provided in multiple formats.

原文地址：https://askubuntu.com/questions/172947/what-are-the-differences-between-md5sum-and-sha256sum