how to fix hash sum mismatch

Kali Linux Hash Sum mismatch

A few days ago I got some time to set up Kali Linux on VMware everything seems fine until I tried to update it using apt-get update I get this annoying error

apt-get update
Get:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease [30.5 kB]
Get:2 http://kali.mirror.garr.it/mirrors/kali kali-rolling/contrib Sources [66.1 kB]
Get:3 http://kali.mirror.garr.it/mirrors/kali kali-rolling/non-free Sources [124 kB
Get:4 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main Sources [11.0 MB]
Get:4 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main Sources [11.0 MB]
Err:4 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main Sources

  Hash Sum mismatch

  Hashes of expected file:
   - Filesize:11015732 [weak]
   - SHA256:b20b6264d4bd5200e6e3cf319df56bd7fea9b2ff5c9dbd44f3e7e530a6e6b9e0
   - SHA1:2d8b15ab8109d678fe1810800e0be8ce3be87201 [weak]
   - MD5Sum:d0b5f94ba474b31f00f8911ac78258ec [weak]

  Hashes of received file:
   - SHA256:a7b9ca82fc1a400b2e81b2ebc938542abfdbfa5aecdfa8744f60571746ec967b
   - SHA1:5d870530aa87398dcb11ecb07e6a25ca0746985f [weak]
   - MD5Sum:9a4824220c0a5fa6cb74390851116b73 [weak]
   - Filesize:9828918 [weak]

  Last modification reported: Wed, 23 Dec 2015 00:03:15 +0000

  Release file created at: Thu, 01 Jun 2017 12:15:05 +0000

Get:5 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main i386 Packages [15.0 MB]
Get:6 http://kali.mirror.garr.it/mirrors/kali kali-rolling/contrib i386 Packages [98.7 kB]
Get:7 http://kali.mirror.garr.it/mirrors/kali kali-rolling/non-free i386 Packages [145 kB]
Fetched 25.3 MB in 11min 20s (37.2 kB/s)                              

Reading package lists... Done

E: Failed to fetch http://kali.mirror.garr.it/mirrors/kali/dists/kali-rolling/main/source/Sources.gz  Hash Sum mismatch

   Hashes of expected file:
    - Filesize:11015732 [weak]
    - SHA256:b20b6264d4bd5200e6e3cf319df56bd7fea9b2ff5c9dbd44f3e7e530a6e6b9e
    - SHA1:2d8b15ab8109d678fe1810800e0be8ce3be87201 [weak]
    - MD5Sum:d0b5f94ba474b31f00f8911ac78258ec [weak]

   Hashes of received file:
    - SHA256:a7b9ca82fc1a400b2e81b2ebc938542abfdbfa5aecdfa8744f60571746ec967b
    - SHA1:5d870530aa87398dcb11ecb07e6a25ca0746985f [weak]
    - MD5Sum:9a4824220c0a5fa6cb74390851116b73 [weak]
    - Filesize:9828918 [weak]
   Last modification reported: Wed, 23 Dec 2015 00:03:15 +0000

   Release file created at: Thu, 01 Jun 2017 12:15:05 +0000

E: Some index files failed to download. They have been ignored, or old ones used instead.

the problem clearly must be in the sources.list file of Kali Linux … I have tried to fix it in many ways but I always end up where I started Hash Sum mismatch is showing up over and over, things seem too complicated for me but the fix was simple really simple ! and here it is,
update your Repositories in sources.list file to :

deb http://http.kali.org/kali kali-rolling main non-free contrib

Save and close the file
Clean, update, upgrade and dist-upgrade your Kali installation

apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

apt-get hash sum mismatch

It is estimated that many people have encountered this problem.

The main idea is: some of the network providers you use will set up some transparent caches to increase the internal speed of the network and reduce the traffic of exports. Some files you obtain are not real files on the source server, but are obtained from the cache When some of the verification information obtained in the cache is inconsistent with the source, it naturally prompts that the verification has failed and cannot be updated.

This problem is actually related to the format design of the apt software repository. The newly released version of the software warehouse is updated more frequently. The files in the cache should be updated synchronously. Unfortunately, because of the speed of multiple mirror sites, the cache cannot guarantee consistency.
When the network provider is strong enough to not set up a transparent cache, this problem does not exist. This is why some people report that the use of wireless network cards (mobile, Unicom’s 3g network) is all OK, and it is not enough to switch back to Great Wall Broadband or Broadband.

The above is the real cause of the problem.

My home network is broadband communication, there is no doubt that this network ISP will definitely set up transparent cache.
The solution is simple, just bypass the cache and go directly to the site.
How to bypass this cache set by ISP is the same as bypassing the Great Wall firewall.
I found a free ssh service proxy,
and then installed a proxychains, set up your proxy in /etc/proxychians.conf to
use proxychains sudo apt-get update to

update normally (no matter which source you update, domestic or foreign)

if You don’t think the proxy is fast enough, just update the source index and sudo apt-ge install xxx directly when installing the software. There is no problem installing various software in the software center.

The fundamental solution to this problem is related to the format design of the apt repository.
However, ISPs in Europe and the United States seem to have good networks and fewer caches. There are not many people who raise this issue. Therefore, it is unpredictable whether they will improve the design.

There is another situation that will naturally be resolved, that is, after the source index is gradually stabilized, your ISP’s cache will be consistent with the real data, and the update will naturally be fine.
It must be updated frequently when new versions are released. It is estimated that most of the new version control cannot wait.

The above is about the real cause of Hash Sum mismatch problem when updating the source index, and the solution, I hope it will be helpful to all friends