Are bunches of hackers out to get Linux users to install hacked versions? If not, why SHA256? MD5 is plenty good enough to verify a clean download, isn't it?
It only takes a few wingnuts. Something on this from an Ubuntu link: https://help.ubuntu.com/community/HowToSHA256SUM I guess in a nutshell: SHA-256 is more secure than MD5
Remember that Linux is not only used by home users, but it is also used by companies, government, researchers etc Linux home users may not be a target, but there are other targets hunted by nation-state groups . And ultimately why settle for something much worse when you can get something better?
No! When a hash function is proven to be insecure, by mathematical flaw, it is our responsibility to upgrade our practices and show others we are careful and we care about security. All hash functions between MD2 & SHA-1 (inclusive) have been adequately proven to have mathematical flaws. I sincerely hope that noteworthy organizations such as the Google owned Virus Total will discontinue the practice of using MD5/SHA-1 in their searches and analysis reports. It is most unfortunate that all necessary software/hardware upgrades have not been taken to make SHA-3 an everyday tool for IT. Pity... Yes - many still use MD5 as a cataloging tool. That isolated special use is certainly debatable. Respectfully
Link without tracking parameters: https://www.google.com/search?q=md5 vs sha256 which is more secure (thanks to uBlock Origin)