file checksums

Paul Dupuis paul at researchware.com
Wed Apr 23 17:54:58 EDT 2014


On 4/22/2014 8:38 PM, Richard Gaskin wrote:
>
> What am I missing?
>
 Not much.

If a website is hacked then the file contents and posted checksum can be
changed and then, as you noted, the checksum is useless as a form of
security.

Checksums were originally intended for file integrity security for "man
in the middle" style hacks - where the file transfer was intercepted or
spoofed. The checksum served to provide a verification that the file
received, is in fact the file you requested and was not tampered with in
transmission. See http://en.wikipedia.org/wiki/File_verification

Practically speaking, I think with all the exploits and vulnerabilities
(especially via social engineering, i.e. phishing, etc.), that gaining
access to a target server is potentially easier these days that
man-in-the-middle style attacks, so I think your are 100% correct in
questioning that checksums value is not what it once was.

Paul Dupuis
Researchware




More information about the use-livecode mailing list