How does verifying the checksum confirm the integrity of a downloaded file, when it’s posted on the same website the file came from?
In: 27
You’re asking how to secure trust in a zero trust environment, and I don’t know how to ELI5 it.
You trust someone. And that someone provides you with the checksum of the file. So now you’re able to use that checksum to verify your trust in a file shared by anyone else.
If you don’t trust the person offering the checksum, then all it does is confirm that you got the same version as they had. No download glitch. No technical errors when sending the file to you. But still not a file you can clearly trust.
Latest Answers