This question already has an answer here:
- Does hashing a file from an unsigned website give a false sense of security? 11 answers
Some sites allow us to use hashes to make sure that the file we download is what it should be and that it is not tampered with.
Some sites may have their hashes on a different domain probably on a different server other than the one the download link is on, like the site for Ubuntu (This may prevent someone from hacking the site and then modifying both the download link and the hash to fool people.), but some sites like Kali Linux have the hashes on the same page as the downloads link.
Isn’t this bad? What prevents someone form modifying the hash if they can already modify the download link?