
Would a checksum be a good way to ensure that you're getting the correct files in a situation like this?



How are you going to confirm you got the correct checksum?

Generally the solution is to get signed checksums. This comes with the usual issues of how you verify the key used to sign.

Alternatively try and distribute the checksums out-of-band. So an attacker would need to MitM two channels.
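
An added example, not part of the thread: the out-of-band check from the reply above in Python, showing that a checksum fetched over the same channel as the file passes even when both were replaced, while a second channel catches it. The function names, file name and file contents are constructed for illustration.

```python
import hashlib
import re


def parse_sums(text):
    """Parse `sha256sum`-style lines ("<hex>  <name>") into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        # Second separator char is " " (text mode) or "*" (binary mode).
        name = rest[1:] if rest[:1] in (" ", "*") else rest
        if not re.fullmatch(r"[0-9a-fA-F]{64}", digest) or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify(name, data, in_band_sums, out_of_band_sums):
    """Return (ok, reason). Both lists must name the file and match its hash."""
    actual = hashlib.sha256(data).hexdigest()
    channels = (("in-band", in_band_sums), ("out-of-band", out_of_band_sums))
    for label, text in channels:
        expected = parse_sums(text).get(name)
        if expected is None:
            return False, f"{label} list has no entry for {name}"
        if actual != expected:
            return False, f"{label} checksum mismatch"
    return True, "both channels match"


# Constructed sample data: a genuine release and a tampered copy.
NAME = "release-1.0.tar.gz"
GENUINE = b"release-1.0 contents\n"
TAMPERED = b"release-1.0 contents, modified in transit\n"


def sums_for(data):
    return f"{hashlib.sha256(data).hexdigest()}  {NAME}\n"


# The second channel still carries the genuine digest.
OUT_OF_BAND = sums_for(GENUINE)

if __name__ == "__main__":
    print(verify(NAME, GENUINE, sums_for(GENUINE), OUT_OF_BAND))
    # One channel compromised: file and its in-band checksum both replaced.
    print(verify(NAME, TAMPERED, sums_for(TAMPERED), OUT_OF_BAND))
```
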



