View Full Version : Kali 2020.2 OVA VIRTUALBOX - HASH SUM MISMATCH
Chris_Redz
2020-05-15, 20:45
after starting up Kali VM for the first time and running "apt update && apt -y full-upgrade" I get "http://kali.download/kali kali-rolling/main amd64 metasploit-framework amd64 5.0.88-0kali2 Hash Sum mismatch"
Please help me find a solution
Sources.list:
"deb http://http.kali.org/kali kali-rolling main non-free contrib"
It's July 2020 and still I haven't found a reasonable solution to this. The only way I can effectively run Kali is through an older 2018 iso and updating it from there.
I had this problem on my ubuntu laptop. Must be an external error. @metaslpoit-framework
Found the solution:
$ sudo bash
$ mkdir /etc/gcrypt
$ echo all >> /etc/gcrypt/hwf.deny
$ sudo apt-get update
Just saw this post after posting a new thread on same issue (my apologies)
whatever mirror I choose, apt reports a different hash of Packages.gz, but the actual hash from each when downloaded outside of apt matches the expected hash
apt bug?
amlamarra
2020-07-29, 12:53
Found the solution:
$ sudo bash
$ mkdir /etc/gcrypt
$ echo all >> /etc/gcrypt/hwf.deny
$ sudo apt-get update
Holy ****, this worked! What, exactly, does this do? And are there other security implications to consider?
Holy ****, this worked! What, exactly, does this do? And are there other security implications to consider?
Thank you -- this worked for me, too. I am running Kali2020.2a 64-bit on Oracle VirtualBox 6.1 and Win 10 Pro Hostt OS.
For those that are interested: https://askubuntu.com/questions/1235914/hash-sum-mismatch-error-due-to-identical-sha1-and-md5-but-different-sha256
wsleeman
2020-08-06, 04:32
Holy ****, this worked! What, exactly, does this do? And are there other security implications to consider?
All this does is disable hardware optimisation on the gcrypt library. (source: https://www.gnupg.org/%28es%29/documentation/manuals/gcrypt/Configuration.html)
wsleeman
2020-08-06, 04:35
Holy ****, this worked! What, exactly, does this do? And are there other security implications to consider?
It disables hardware optimisations on libgcrypt. (source: https://www.gnupg.org/%28es%29/documentation/manuals/gcrypt/Configuration.html)