Hello stackoverflow World,

I'm investigating using the miniconda package manager for the first time.

I downloaded the files from here:

As I am hoping is obvious from my title, the check sum that my machine produces using the Windows certUtil -hashfile function produces a different check sum.

Now, my main issue is what to do now...!

Do I run screaming to the hills burning all my IT kit as I go, or is there a way to get to the bottom of this?

Thanks in advance

CodePudding user response：

So interestingly, using the PowerShell approach rather than the cmd line, as specified in the miniconda download reference did result in a matching Hash key.

I thought that these were supposed to be independent of the program used to unpack the HASH...?

CodePudding user response：

hash is not a universally defined algorithm:

A hash function is any function that can be used to map data of arbitrary size to fixed-size values (https://en.wikipedia.org/wiki/Hash_function)

So when you use a program to hash a file and want to compare it to a published value, you must make sure that you are using the same hash function. In your case, the miniconda download page already clarifies that it is a SHA256 hash, which you need to specify when calling certutil.

Proof:

Without specifying the hash function (SHA1 is used and - as expected - produces a different hash value):

certutil -hashfile Miniconda3-latest-Windows-x86_64.exe
SHA1 hash of Miniconda3-latest-Windows-x86_64.exe:
0b553f6b77926db707c4406cafc612d74301b24e
CertUtil: -hashfile command completed successfully.

Specifying the correct function produces the right hash value:

certutil -hashfile Miniconda3-latest-Windows-x86_64.exe SHA256
SHA256 hash of Miniconda3-latest-Windows-x86_64.exe:
6013152b169c2c2d4bcd75bb03a1b8bf208b8545d69116a59351af695d9a0081
CertUtil: -hashfile command completed successfully.