Justin Dolske wrote: > David E. Ross wrote: > > >> For example, a hash mismatch would cause the downloaded file to be >> deleted. Also a misformed hash would block downloading. Both of these >> create denial-of-service opportunities; all a hacker has to do is alter >> the hash in the anchor (link) that would be used to initiate downloading. >> > > I don't see a big problem here. If an attacker can modify a site's > download link (or the download itself), then it's already game over. > They could just point the download link at a trojan, non-existant file, > or a blob of random bits. I think you're really reaching for a problem > here... > Mhhh...wouldn't SSL solve this specific problem?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
