Maybe someone here can educate me on this.
When you go download something like a Linux distro, you can find a checksum next to the link, so that you can verify the integrity of the download, to check that a hacker didn't tamper with things. But here's what I don't get. If a hacker can gain access to modify or completely switch the files you download, why couldn't he gain access and change the checksum, as to fit with the files he also changed?
When you go download something like a Linux distro, you can find a checksum next to the link, so that you can verify the integrity of the download, to check that a hacker didn't tamper with things. But here's what I don't get. If a hacker can gain access to modify or completely switch the files you download, why couldn't he gain access and change the checksum, as to fit with the files he also changed?
Follow
@scarlet I don't think that it's tamper protection, they aren't signed like packages. It's just an integrity check to make sure that the image downloaded completely and that it's same as on the other side. Archives have checksums in them, images don't, burning incompletely downloaded image would be rather frustrating.
Made sense back in the days when FTP was used to download them, with modern protocols that can resume transfer and now that only few use optical media, it's just a tradition IMO.
