The idea is that if you're paranoid and care enough to do it, you can use a utility to get the md5sum of the file you downloaded on your own machine to make sure it matches the one on the site. If it doesn't, there's been some sort of interception or man-in-the-middle attack or something. I don't really see the point and never check because when does that actually happen? Pretty much all the consumer-targeting attacks are rogueware anymore.
For a lot of files that have MD5 Check sums and Hash codes they are meant for nothing more than to verify the files contents as any changes to that file uploaded originally will have that hastag only, if it's altered in any way, shape, or form it will be different. It's really nothing more than a secure authentic verification scheme. There is a little more to it but if you're interested in learning more about hashes (and not the kind that gets you high lol) then I suggest doing some Wikipedia research for starts.
***Warning***
Any attempt to learn, understand, or comprehend encryption, cryptography, and advanced mathematics which researching will ultimately lead to, may cause intensive headaches and frustration always second guessing what you thought you understood. To this day I battle to understand the workings of cryptology and after years only understand the basic methodology.
I only ever use md5sum for things like downloading an .iso of windows, which means rarely. I only do it if it it's something like that where I really need to make sure nothing is fucked.
Actually it's mostly because an internet connection isn't always perfectly reliable, sometimes bits get lost / changed while traveling from the server to the client. Because files downloaded over HTTP and FTP protocols are not checked automatically, it is good practice to check them yourself if the file is really important. Especially with something like an OS, the error could be in a file not accessed for weeks / months, and this could give some very strange errors which are incredibly difficult to diagnose. Checking the ISO's MD5sum prevents you from wasting a perfectly good CD/DVD on a corrupted ISO. When downloading with torrents, the torrent program will automatically perform these checks.
If somebody is smart enough to hack into your server and upload a different file with malware in it, I'm betting he's smart enough to change the MD5sum provided with that file, so I don't see how it would prevent malicious intent.
Comments
***Warning***
Any attempt to learn, understand, or comprehend encryption, cryptography, and advanced mathematics which researching will ultimately lead to, may cause intensive headaches and frustration always second guessing what you thought you understood. To this day I battle to understand the workings of cryptology and after years only understand the basic methodology.
If somebody is smart enough to hack into your server and upload a different file with malware in it, I'm betting he's smart enough to change the MD5sum provided with that file, so I don't see how it would prevent malicious intent.