[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
> I'm just asking here - other than entities (gov'ts?) targeting anonymity
> software (for now) what prevents this issue from becoming widespread?
> If I download an update from MS - how do I know it's the authentic pkg
> from the real MS? There's no authentication (or even check sums) for
> d/l Firefox, IE. Only a small % of all developers offer these
Hi, AFAIK Microsoft does an automated hash or signature check in the
background to test that your downloaded packages are unmanipulated.
Mozilla offers you md5 sums and - more recommended - sha1 sums along
with the offical key to check the integrity of downloads:
tor-talk mailing list