Referring to the actual ISO image, not the torrent file. I got 2 very different SHA SUMs. Can someone else check this? Could be either user error or MITM attack. OR, worst case, the torrent file is compromised.
I have not tested this on other computers/ other networks. Someone needs to check this themselves.
NOTE: I got the SAME thing from the download from the direct download.
SHA256SUM of dl’d image: 05f1af0aa27b1c6edbfef9f8b075d1ff0580ec6194eb6c54a196400001b34b47
Expected SHA256SUM: ec19ba1280e5a05b78a863f3844864a8b0a3b4336028bcfbf143ad4fda44f2c3
Can confirm beyond a reasonable doubt that either 1.) I have been attacked by an adversary or 2.) There is a serious security vulnerability or 3.) I am a moron who screwed up somehow
1 Like
http://cdimage.ubuntu.com/ubuntu-mate/releases/16.04.4/release/SHA256SUMS
http://cdimage.ubuntu.com/ubuntu-mate/releases/16.04.4/release/
05f1af0aa27b1c6edbfef9f8b075d1ff0580ec6194eb6c54a196400001b34b47
16.04.4
ec19ba1280e5a05b78a863f3844864a8b0a3b4336028bcfbf143ad4fda44f2c3
16.04
2 Likes
@lah7 heads up, website hash hasn’t been updated.
FYI, the downloaded ISO from torrent does not match the SHA256SUM as well.
It seems this is a frequent issue. Best bet is to view the list of hashes available at http://cdimage.ubuntu.com/ubuntu-mate/releases/16.04/release/SHA256SUMS and pick the correct iso filename to compare.
1 Like
@wimpy Heads up, those hashes you changed were the 16.04 ones. I’ve amended them so they’re 16.04.4. 
Human error, sorry folks! We ought to automate this process somehow. 
2 Likes
Thanks @lah7
downloaded ISO from torrent does not match the SHA256SUM as well and getting below error while booting " [Error: Invalid magic number, you need to load the kernel first]"