It sounds weird but actually simplest of all other things. sha1, md5sum etc are well known for generating hash values(one-way encryption) to software packages or even individual files. Sometimes, a developer will use the md5sum command to generate a hash of the file. You can use this hash and the md5sum command to ensure that the file has not been altered. Easiest way to do this is to read the hash from the original developer and run md5sum against the package you downloaded. I will explain the method with a simple example.
Suppose I have with me a copy of package named foo.deb and I know the corresponding hash value from the developer itself. Somehow I learnt that foo.deb has a security problem. I wish to install the latest secure version. After downloading it, I will run md5sum against the file
user@GNULinux:~$ md5sum foo.deb
However, I notice that the developer’s md5sum value for the same program reads as follows
I should then delete the file and find another source where I can verify the md5sum hash.