How do I verify downloads for correctness?

We use md5 to verify the correctness of something we have downloaded. You are always provided with the md5 fingerprint while downloading large files such as iso images for Linux distribution. It is just a line of 128 bit string. The simplest way to check this is to run the command line: md5sum <filename>. This will return a 128 bit fingerprint string. Verify this with the md5sum string provided on the website.

For example, on http://www.open.collab.net/downloads/sfee/, for CollabNet SourceForge Enterprise v5.1 Trial (VMware Player), the md5sum is provided as MD5sum: 11c42a02544def9d6880a829b677e02a. After downloading the package, verify with the md4sum command and compare the result with the provided string. If both are the same, the download is 100% correct. If they differ, there is some defect in the download or it is not complete.

Related information