undefined | Better HN

0 pointslakechfoma7y ago0 comments

Are you imparting trust on checksums downloaded from the same source page?

Not implying you are but there is plenty of software where that is how they expect users to verify the integrity of the download. Useful for checking bit errors, but in the event that someone has replaced the binary then they could probably also replace the checksum...

0 comments

swaggyBoatswain7y ago

I didnt think about that, but there's not always a reputable alternative checksum source.

I was thinking about all the times I had to download a windows ISO. And how microsoft had openly published what the checksum values were so I could verify this after downloading from a 3rd party

I would need to do more research here you make a good point

j / k navigate · click thread line to collapse

0 pointslakechfoma7y ago0 comments

Are you imparting trust on checksums downloaded from the same source page?

0 comments

swaggyBoatswain7y ago

I didnt think about that, but there's not always a reputable alternative checksum source.

I was thinking about all the times I had to download a windows ISO. And how microsoft had openly published what the checksum values were so I could verify this after downloading from a 3rd party

I would need to do more research here you make a good point

j / k navigate · click thread line to collapse