What may cause a hash mismatch and mark a downloaded file as untrusted?

A hash mismatch occurs when the calculated hash value of a downloaded file does not match the expected hash value provided by a trusted source. This is often a critical indicator that the file has been altered or corrupted in some way, which is why marking it as untrusted is a necessary security measure.

When a file changes—whether through legitimate modifications, corruption during download, or malicious tampering—the hash value derived from the file will inevitably differ from the original hash value created and shared by the source. This principle is rooted in the very nature of hashing: any minute change in the input data produces a drastically different hash output, maintaining the integrity check's reliability.

In the context of security practices, ensuring that files maintain their integrity from the moment they are created to the point of download is paramount. Any discrepancy signals risk and prompts users to discard or further investigate the source before trusting the file.