Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
If a Hacker can edit download link, they can edit your SHA256 hash
2 points by hellbanner on Dec 20, 2017 | hide | past | favorite | 2 comments
Why do websites list SHA256 hashes next to their download links? If 1 is compromised, the other could be too?


You could always check the SHA256 from a separate device on separate network, ie your smartphone.


Original poster is suggesting that if one can change the downloaded file on the source location, then the same person can update the SHA256 string used to "guarantee authenticity". They're not suggesting a MTM style attack where one changes the string mid flight.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: