Short answer: For verifying ISOs, there is no practical difference; use whichever you want, as long as you trust the source providing the sums. MD5 is/used to be the standard, but the computing world is moving towards adopting SHA since it is newer and "better" for the future; hence, SHA sums are often provided as an alternative.
- `md5sum` and `sha256sum` are programs which implement the MD5 and SHA-256 hash algorithms respectively
- In general, a hash algorithm takes an input of any (arbitrary) length and runs mathematical computations on it to produce a relatively small, fixed-length output, called a "hash" (or "sum")
- Verifying data integrity (e.g. ISOs) is only one of the many uses for hashes
- The primary difference between the older MD5 and the newer SHA-256 hashes is that MD5 produces a 128-bit output while SHA-256 produces a 256-bit output
- For verifying data (ISOs) to work, the hash of the data must effectively be unique, so that no other data produces the same MD5 sum or SHA-256 sum.
- In theory, this is possible, i.e. two sets of input data produce the same output hash, called a "collision".
- The chance of such collisions is lower with SHA-256 compared to MD5 because its 256-bit hash is double the size of MD5's 128-bit hash.
- In practice, the chance of a collision when verifying ISOs, even with MD5, is zero given the 100+ MB size of ISOs.
- Still, since the computing world is moving towards SHA because it is a newer and "better" hash for the future, ISO checksums are often provided in multiple formats.
Original source: https://askubuntu.com/questions/172947/what-are-the-differences-between-md5sum-and-sha256sum
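The verification described above, as an added example that is not part of the original answer: a POSIX shell function that picks `md5sum` or `sha256sum` from the length of the published digest (32 hex characters for a 128-bit MD5 sum, 64 for a 256-bit SHA-256 sum) and compares it with the file. The names `hash_tool_for`, `verify_sum` and `demo` are hypothetical, and the sample file is a constructed stand-in for an ISO.

```shell
#!/bin/sh
# Added example: verify a file against a published hex digest.

# hash_tool_for HEX -> prints the coreutils program matching the digest length
hash_tool_for() {
    case ${#1} in
        32) echo md5sum ;;      # 128 bits = 32 hex characters
        64) echo sha256sum ;;   # 256 bits = 64 hex characters
        *)  return 1 ;;
    esac
}

# verify_sum FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input
verify_sum() {
    file=$1
    # Published sums are sometimes upper case; the tools print lower case
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    tool=$(hash_tool_for "$expected") || { echo "unrecognised digest length" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # md5sum/sha256sum print "<hex>  <name>"; keep only the hex field
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "$file: OK ($tool)"
    else
        echo "$file: FAILED ($tool)" >&2
        return 1
    fi
}

# Constructed demo: a small stand-in file instead of a real ISO
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed stand-in for an ISO image\n' > "$tmp/sample.iso"
    good_sha=$(sha256sum < "$tmp/sample.iso" | cut -d' ' -f1)
    good_md5=$(md5sum < "$tmp/sample.iso" | cut -d' ' -f1)
    verify_sum "$tmp/sample.iso" "$good_sha"
    verify_sum "$tmp/sample.iso" "$good_md5"
    # Append one byte: the digest no longer matches, so verification fails
    printf 'x' >> "$tmp/sample.iso"
    verify_sum "$tmp/sample.iso" "$good_sha" || echo "modification detected"
    rm -rf "$tmp"
}

demo
```

For a real download, pass the ISO path and the sum copied from the publisher's checksum file as the two arguments to `verify_sum`.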