On 23/04/14 01:38, Richard Gaskin wrote: > I see a lot of sites that offer files to download also including an MD5 > value or other checksum, ostensibly so we can verify the integrity of > the package before running it. > > Sounds good, but if a hacker has sufficient control of a server to > replace the package, would he not also be able to update the checksums > displayed there to reflect those in his modified package? > > I like the idea of providing checksums, but I'm having a hard time > seeing the practical benefit. > > What am I missing? >
Richard, What you say is obviously true, there is no ultimate guarantee from checksums. The checksum is not useless though. It gives pretty good confidence that the file didn't get altered in transit, whether by a network error, a disk writing error, or by the intervention of a malcious actor as MITM replacing the requested file with a doctored version of their own. It may not provide ultimate trust but is better than no checks at all. Some places sign their downloads with PGP, which in theory gives a stronger guarantee of authenticity. However I think there are similar issues with that. To verify it, you must install the public key of the signer and assert (but on what basis?) that it is strongly trusted. Here too, if the malicious actor can subvert both the download file and the public key, the method fails. Most downloaders don't know anything about the signer or have prior knowledge of his/her public key and may not see anything amiss if they are somehow subverted. It gets better I suppose once you have had a trusted key in your keyring for a while and it has a good track record of vouching for software that you have confidence in. However, if the key that you originally installed and more or less blindly trusted was actually a fraud, then you are in trouble. Martin _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
