I don’t think that is even necessary. If you download the .torrent file from a trusted source it will already contain a secure hash of the final file. Also every piece you receive also comes with a hash that can also be verified through the .torrent file. If you don’t trust the source enough to provide a valid .torrent, I don’t see how downloading the image directly from them makes any difference.
Read more:
Official BitTorrent BEPBitTorrent V2 and SHA-256
Verifiying the checksum of an iso takes 30 seconds… You don’t need to trust anyone
I don’t think that is even necessary. If you download the .torrent file from a trusted source it will already contain a secure hash of the final file. Also every piece you receive also comes with a hash that can also be verified through the .torrent file. If you don’t trust the source enough to provide a valid .torrent, I don’t see how downloading the image directly from them makes any difference. Read more: Official BitTorrent BEP BitTorrent V2 and SHA-256
Well you do need to trust the checksum provided. That is the one you are checking against. Better would be a signature from a key you trust.
In the end a modern torrent is just a hash.
Checksum doesn’t verify authenticity. You need to verify the signature
Been on Linux 6 years, never done it. Extra steps
Length of time never means quality of decisions. Always best to validate. So easy to package up malware and farm folks bank accounts.