Michael Vincent van Rantwijk, MultiZilla wrote: > Which are you talking about here? > > If a hacker has control over a box, and is interested in distributing a > trojan, then he will most certainly know about the link fingeprinting > and change the hash code as well, or otherwise all his work is useless.
Link Fingerprints provide the greatest improvement in security when the fingerprint and the download are communicated by different means. For example, the link with the fingerprint might come in a secure email, and the download might be on a webserver. Or, the link is on www.mozilla.org, and the download is from a Russian mirror. So "the download is trojaned" does not automatically imply that the hacker has access to change the fingerprint. Gerv _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
