# SHA256 blank blocks FreeBSD-10.0-RELEASE-amd64-dvd1.iso



## Konkorde (Mar 5, 2014)

Hi,

This is more for the benefit of others who may encounter it.  I purchased a Release 10.0 x64 DVD from a reputable vendor, and could not get the SHA256 sum to match.  So I burned my own under Linux and got the same issue.  It seems that the .ISO file contains 150 blank blocks at the end:


```
$ wc -c FreeBSD-10.0-RELEASE-amd64-dvd1.iso
2484742144 FreeBSD-10.0-RELEASE-amd64-dvd1.iso
$ #2484742144 / 2048 = 1213253
$ isosize FreeBSD-10.0-RELEASE-amd64-dvd1.iso
2484434944
$ #2484464944 / 2048 = 1213103
$ od -j 2484434944 FreeBSD-10.0-RELEASE-amd64-dvd1.iso
$ #(Indicates all zeros)
```

`# dd if=/dev/cdrom of=freebsd_dvd_plain.iso`
Results in 1213264 blocks, SHA256 35ae65f...

`# dd if=/dev/cdrom of=freebsd_dvd_isosize.iso bs=2048 count=1213103`
Results in 1213103 blocks, SHA256 sum b2d9b6a...

`# dd if=/dev/cdrom of=freebsd_dvd_filesize.iso bs=2048 count=1213253`
Results in 1213253 blocks, correct SHA256 sum b0f25...

How common is it to post a release containing empty blocks and to include them in the checksum?


----------



## kpa (Mar 5, 2014)

Why are you trying to use the SHA256 checksum for anything else but verifying the checksum of the downloaded image file?


----------



## Konkorde (Mar 6, 2014)

kpa, I was using it to verify that the installation media was correct, since that's what's going to be actually installed.

Initially,  I planned to avoid downloading altogether by just buying an install DVD.  But when I burned my own DVD, I also wanted to check it.


----------



## kpa (Mar 6, 2014)

Well, there's your problem. The checksum only guarantees that the downloaded image file is correct and authentic. Anything beyond that is undefined behaviour because of what you just observed, the extra blocks on the image will not be read back from the written disk and won't be part of the reproduced image file.  Those who created the image files and checksums didn't mean the checksums to be used for anything else.


----------



## SirDice (Mar 6, 2014)

The ISO file is probably a little less than the size of the DVD to make sure it actually fits when you burn it. The SHA256 is made from this image not the burned one.


----------



## Konkorde (Mar 10, 2014)

I got it to work by making the sizes the same, but I disagree that a SHA256 cannot be used for any purpose other than verifying a download per se: it is a mathematical function which can be applied in many ways, and it is standard practice to use a checksum function to verify media, see for instance[1].  The media should contain the .ISO image plus  possibly some run-out tracks of zeros.

[1] https://wiki.archlinux.org/index.php/Optical_Disc_Drive#Verifying_the_burnt_ISO_image

I've recently verified installation media from several OS's this way: it is highly unusual to include padding in the .ISO file itself.


----------

