Getting the wrong hashes for bitcoin core packages

0

I've been playing around learning more about Bitcoin and was following this tutorial from 21.co on digital signatures.

When I open the SHA256SUMS.asc file and try to verify the packages, I get different hashes than what's in the file.

curl -O https://bitcoin.org/bin/bitcoin-core-0.11.0.tar.gz

shasum -a 256 bitcoin-core-0.11.0.tar.gz

This gives the following output:

69b00985c84e6633cc2e518914436ce55666cc10d1edf15ee442758d9f8d5219  bitcoin-core-0.11.0.tar.gz

Which is very different from what is in the file:

c7a5e496d7c31bdc10d2c0c79dfcf9aca69f9520579917c7d3e95868b2127707  bitcoin-0.11.0-osx64.tar.gz

NOTE: I'm using a different command then what is mentioned in the tutorial for checking the hashes. shasum -a 256 instead of sha256sum.

Am I doing something wrong here?

Prem Govind

Posted 2016-01-29T00:22:06.070

Reputation: 93

Answers

3

You are hashing the 404 page returned by bitcoin.org. You can see this by running:

$ curl -s https://bitcoin.org/bin/file-does-not-exist | sha256sum
69b00985c84e6633cc2e518914436ce55666cc10d1edf15ee442758d9f8d5219  -
$ curl -s https://bitcoin.org/bin/file-does-not-exist2 | sha256sum
69b00985c84e6633cc2e518914436ce55666cc10d1edf15ee442758d9f8d5219  -

You should instead run

$ curl -O https://bitcoin.org/bin/bitcoin-core-0.10.0/bitcoin-0.10.0.tar.gz
$ sha256sum bitcoin-0.10.0.tar.gz # shasum -a 256 would also work

This gives me

a516cf6d9f58a117607148405334b35d3178df1ba1c59229609d2bcd08d30624  bitcoin-0.10.0.tar.gz

which is the SHA256SUM listed in the associated SHA256SUMS.asc file.

Nick ODell

Posted 2016-01-29T00:22:06.070

Reputation: 26 536

Asked: 2016-01-29T00:22:06.070

Viewed: 59 times

Active: 2016-01-29T01:38:53.780