Collaborate Disseminate
When downloading a Linux installer iso, the user is supposed to check the iso with sha or m5sum and compare the result against a checksum file, and then check the gpg signature of the checksum file.
If I understand it right, the checksum i… Continue reading Why aren’t installer isos gpg signed?
Pretty straightforward question. Take the image here:
https://i.imgur.com/oEdf6Rl.png
Does it come with a checksum, which I can verify against after I have fully downloaded the file?
This question goes for any file downloaded, and in my pa… Continue reading Do all files downloaded from the web, come with a checksum to verify the file?
When downloading files (mainly software/installers) from pages in browsers, sometimes it comes also with a cryptographic hash or a signature to verify the authenticity of a file against data manipulation (example below).
Why there isn’t … Continue reading Why there is nothing that automatically checks signatures of files downloaded in browsers? [duplicate]
I wanted to try new sha3sum so I installed libdigest-sha3-perl on Debian 10. After reading man page I quickly realized that:
sha3sum –algorithm 256 test.txt
produces similar output to sha256sum and that
sha3sum –algorithm 512 test.txt
pr… Continue reading What do algorithms `128000` and `256000` do in `sha3sum`?
I have downloaded the ISO image of Kubuntu 20.10 and installed it.
I am afraid that the ISO image may have been tainted (for example, by the NSA) to insert a backdoor into it.
As I see it, there are two ways to insert a backdoor (I mean an… Continue reading How do I know that the ISO image of the Linux distribution I have downloaded does not contain the NSA backdoor?
I am using CRC32 to verify the integrity of received UDP packets. Along with the generator polynomial, the sender will also specify how many checksums to perform on the sent data, as well as what iteration to start at in its body. How shou… Continue reading How Should Multiple Checksums Be Performed On the Same Data?
Many projects offering binaries, also offer hashes (e.g. SHA256) of those binaries, wither as .ASC files, or directly on the web page near the binary. This isn’t to protect against network-caused corruption, as that’s ensured by the TCP pr… Continue reading What’s the point of providing file checksums for verifying downloads?
On https://exiftool.org/ , there is a link to https://exiftool.org/exiftool-12.01.zip and https://exiftool.org/checksums.txt .
Both the ZIP archive and the checksum hash are hosted on the same machine. This means that an attacker who has c… Continue reading Why developers put the installer/executable and the file checksum on the same server? [duplicate]
I am new to this so please bear with me. I was downloading a VM image and I was told to check the MD5. Naturally, I did but wondered,
If a hacker would change the file to be downloaded from the site,
wouldn’t the hacker also be able… Continue reading If site provides MD5 to check file, can’t the comparison string also not be modified?
Am investigating a macOS Catalina machine that is believed to be infected with malware. Have been viewing packets with tcpdump and noticed, on connecting to any web address, there are legit packet that gets sent to the DNS server… then….. Continue reading tcpdump packets have bad and incorrect checksums on localhost, how to investigate further?