SHA2-256 and SHA3-256

February 22nd, 2021

The hash values provided on downloads listing pages are hashes of the file contents, and can be used to verify you’ve downloaded matches the file we hashed. The algorithms we use are:

SHA2-256
as defined in FIPS 180
SHA3-256
as defined in FIPS 202

We also provide:

Size
The size of the file in bytes.
AWS S3 ETag
The ETag for the https download. AWS uses ETags that are derrived from the MD5 hash algorithm, but they are clearly not MD5 hash codes. Please note that the double-quote (“) is defined by the RFC as being part of the ETag.

Our database stores (s3key,size,mtime,ETag,sha2_256,sha3_256) as a tuple. When listing S3 keys (files) underneath a given prefix, if the s3 object that is listed matches on size, mtime and ETag, then the sha2_256 and sha3_256 hash codes are displayed. Otherwise they are not.

We periodically dump the database and the S3 bucket metadata underneath the hashes/ prefix.

If you are downloading a file that is a disk image, such as test_image.E01, then the hash value provided on the downloads listing is the cryptographic hash of the E01 file itself, and not of the contained disk image.

Comments are closed.