5 Dec
2016
5 Dec
'16
7:56 p.m.
Am 04.12.2016 um 05:37 schrieb Maxwell Anselm via arch-general:
You mean the source files that you downloaded and then hashed...
Yes. If the source files are being modified via a MITM attack (which is trivial if the host uses HTTP) the checksum is still useful.
The checksum that was created by zou after downloading the compromised source file. I don't see how that is useful. The checksum will always be correct and validate nothing