1

I am new to this so please bear with me. I was downloading a VM image and I was told to check the MD5. Naturally, I did but wondered,

If a hacker would change the file to be downloaded from the site, wouldn't the hacker also be able to change the checksum on the site to make the file look genuine?

If this is the case, wouldn't this defeat the purpose or is the checksum not really meant for hackers but only problematic downloads over a network?

heretoinfinity
  • 179
  • 5
  • 3
    A lot of this is leftover from earlier days of the internet when bandwidth was expensive, and HTTPs wasn't very common. Among other things, a lot of open source projects needed to (and may still) rely on **mirrors**, where someone else is hosting the actual file - the checksum is on the project site, and that page tells people "hey, to save us bandwidth costs, please download from one of these fine people". So the checksum protected against malicious mirrors. – Clockwork-Muse Apr 01 '20 at 23:31
  • 1
    Does this answer your question? [Does hashing a file from an unsigned website give a false sense of security?](https://security.stackexchange.com/questions/1687/does-hashing-a-file-from-an-unsigned-website-give-a-false-sense-of-security), [What security purpose do hashes of files serve?](https://security.stackexchange.com/questions/33154/what-security-purpose-do-hashes-of-files-serve). – Steffen Ullrich Apr 02 '20 at 05:50

1 Answers1

1

Basically yes, you’d need to pass the MD5 checksum out-of-band through some other trusted means of communications, for example that the other party sends it over registered mail or something.

So it’s mostly to check that the file you’re downloading isn’t corrupted, and it does protect against some amateurish attacks, where a script kiddie managed to change the file, but not the site where the download link resides for example.

To truly protect against an attack like this, you’d need to use private/public key pairs, compute the hash and encrypt it with your private key. That would make sure that anybody that has your public key could verify that the hash you’re comparing the file to for integrity is still the hash you published, as it would decrypt using your public key.

Stuggi
  • 176
  • 4
  • 1
    The situation is not *quite* that extreme. For instance even a difference as simple as the website and the file hosting site being on different domains and systems can make a big difference. After all, then someone would have to compromise both to get the md5 check to pass. That is typically much trickier – Conor Mancone Apr 01 '20 at 23:00
  • 1
    Also, there is often no practical point in providing an md5 checksum to protect against a corrupted download. After all https does that automatically. A simple anti-corruption checksum only matters for http/ftp downloads – Conor Mancone Apr 01 '20 at 23:01