Hacker News

Would a checksum be a good way to ensure that you're getting the correct files in a situation like this?


How are you going to confirm you got the correct checksum?

Generally the solution is to get signed checksums. This comes with the usual issues of how you verify the key used to sign.

Alternatively try and distribute the checksums out-of-band. So an attacker would need to MitM two channels.
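An added example, not part of the thread or any commenter's code: the out-of-band idea from the comment above, where the same sha256sum-style manifest is obtained over two independent channels and the download is accepted only if both manifests agree and match the file. The function names, result strings and sample file are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string

HEX = set(string.hexdigits)

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  name' or '<hex> *name') into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, mode, name = line[:64], line[64:66], line[66:]
        if len(digest) != 64 or not set(digest) <= HEX or mode not in ("  ", " *") or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries

def file_sha256(path, chunk=1 << 20):
    """Hash the file in chunks so large downloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, name, manifest_a, manifest_b):
    """manifest_a / manifest_b: manifest text obtained over two independent channels."""
    a = parse_manifest(manifest_a).get(name)
    b = parse_manifest(manifest_b).get(name)
    if a is None or b is None:
        return "missing"            # one channel does not list the file at all
    if not hmac.compare_digest(a, b):
        return "channels-disagree"  # at least one channel was altered; trust neither
    if not hmac.compare_digest(a, file_sha256(path)):
        return "file-mismatch"      # checksums agree, but the download differs
    return "ok"

if __name__ == "__main__":
    import os, tempfile
    # Constructed sample: a fake release file and the manifests two channels would serve.
    path = os.path.join(tempfile.mkdtemp(), "tool.tar.gz")
    with open(path, "wb") as f:
        f.write(b"constructed release bytes")
    good = f"{file_sha256(path)}  tool.tar.gz\n"
    forged = f"{hashlib.sha256(b'tampered').hexdigest()}  tool.tar.gz\n"
    print(verify_download(path, "tool.tar.gz", good, good))
    print(verify_download(path, "tool.tar.gz", forged, good))
```

The check only helps when the two channels are genuinely independent; if both manifests come through the same compromised path, they will agree with each other and with the altered file.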



