Referring to the actual ISO image, not the torrent file. I got 2 very different SHA SUMs. Can someone else check this? Could be either user error or MITM attack. OR, worst case, the torrent file is compromised.
I have not tested this on other computers/ other networks. Someone needs to check this themselves.
NOTE: I got the SAME thing from the download from the direct download.
SHA256SUM of dl’d image: 05f1af0aa27b1c6edbfef9f8b075d1ff0580ec6194eb6c54a196400001b34b47
Expected SHA256SUM: ec19ba1280e5a05b78a863f3844864a8b0a3b4336028bcfbf143ad4fda44f2c3
Can confirm beyond a reasonable doubt that either 1.) I have been attacked by an adversary or 2.) There is a serious security vulnerability or 3.) I am a moron who screwed up somehow
@lah7 heads up, website hash hasn’t been updated.
FYI, the downloaded ISO from torrent does not match the SHA256SUM as well.
It seems this is a frequent issue. Best bet is to view the list of hashes available at http://cdimage.ubuntu.com/ubuntu-mate/releases/16.04/release/SHA256SUMS and pick the correct iso filename to compare.
Human error, sorry folks! We ought to automate this process somehow.