Of course, it would be better to use sha256sum than md5sum. If they are the same, the file hasn't been tampered with. That will print the MD5 hash which the recipient can compare with the content of the md5sum.txt file that you will have published. You can then (for example) distribute that file over the Internet and the recipient can check the hash again with: md5sum Ubuntu.iso
Of course, that works with the other variants too. For example, if you have a Ubuntu ISO image you want to hash: md5sum Ubuntu.iso > md5sum.txt To create the text file, simply redirect the output to the file. Unless you have a reason to use the weaker algorithms, then SHA256 is the way to go. SHA256 is the currently recommended hash function. Its use is currently being withdrawn from the digital signature on X.509 digital certificates. It is considered stronger than MD5, but not strong enough. SHA1 was also developed in the early 1990s. MD5 was invented in the early 1990s and is considered flawed and obsolete by now. The difference between the three is the algorithm used to generate this hash. A hash is considered impossible (within the bounds of practicality) to reverse and to find two different messages with the same hash (called a collision). That tells you that they all create a message digest, which is a one-way function that takes as its argument an arbitrarily sized data and returns a fixed size hash. Sha256sum - compute and check SHA256 message digest Sha1sum - compute and check SHA1 message digest If you look at the man page for each of those, you'll see that they say: md5sum - compute and check MD5 message digest