Afternoon, all.
Mint were also the first major player to introduce sha256 as their standard for distributing isos.
Currently, in a number of areas, sha512 is being used.
SHA is an acronym for Secure Hash Algorithm, and the SHA-2 "family" as it is known was developed by USA's NSA (National Security Agency) - be reassured, or not.
If you are paranoid about getting a hacked version...
I wouldn't say "paranoid" per se, my little green friend, as I have Mild Paranoia

, perhaps "extremely security-conscious". That being said, I do not worry about checking the key signatures (and I have downloaded and installed probably 150 or so Linux Distros) unless I am suspicious by some evidence displayed that I need to follow up.
Instead, I use a 2-pronged approach with the shasums
- I verify the checksum during the download stage, using a browser addon called DownThemAll
- Following the download, if I have need to, before or after installation, I use a Utility called GTKHash, and you can read my article on it here https://www.linux.org/threads/gtkhash-–-hashing-out-the-basics.4430/
If I forget to do this, and I get as far as burning the iso to USB, with a view to install, and then think "Damn - I should check the iso", I can do it on the product on the USB stick, by using this article I wrote
https://linux.org/threads/hash-checking-rare-tips.13544/#post-45991
Cheers
Wizard