Comments on: How to Verify Debian and Ubuntu Packages Using MD5 Checksums

By: Ravi Saive

Ravi Saive — Fri, 25 Apr 2025 06:10:19 +0000

In reply to Mark.

@Mark,

You’re absolutely right — MD5 is considered broken for cryptographic purposes due to its vulnerability to collision attacks. However, in the context of basic file integrity checks (like confirming a file wasn’t corrupted during download), it’s still commonly used because it’s fast and widely supported.

That said, if security is a concern. like verifying package authenticity — SHA-256 or digital signatures are definitely the better route.

By: Mark

Mark — Thu, 24 Apr 2025 08:31:52 +0000

MD5 is considered deprecated due to its vulnerabilities, particularly its susceptibility to collision attacks, making it unsuitable for cryptographic purposes. It is recommended to use more secure hashing algorithms like SHA-256 instead. ( so sha256sum and sha512sum are better alternatives)

See Wikipedia

By: Aaron Kili

Aaron Kili — Tue, 11 Oct 2016 07:12:42 +0000

In reply to bushpilot.

Try to run the command below and show us the output:

sudo systemctl status -l “run-vmblock\x2dfuse.mount”

By: Aaron Kili

Aaron Kili — Tue, 11 Oct 2016 07:10:33 +0000

In reply to bushpilot.

@bushpilot

This could be caused by a possible mount problem under systemd perhaps a bug. Try to find out more from here: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1448134

By: Aaron Kili

Aaron Kili — Tue, 11 Oct 2016 06:42:13 +0000

In reply to Christopher Lee.

@christopher

Yes, it is possible, this method only works as an extra-verification measure after packages are already installed on your system.

For example apt/apt-get does that as explained here: http://superuser.com/questions/990143/how-does-apt-get-checks-for-the-integrity-of-the-files-downloaded