I understand how it works but I don’t understand why. Let’s say I hack VLC’s website to modify their download file to add something malicious. Now the checksum of the new file is going to be different from the checksum of the website but wouldn’t I just change the checksum of the website too?
In: 6
Vlc makes software. They use a 3rd party to distribute the software to users. How do we know the 3rd party didn’t do any tampering with the software that they were given by vlc? You check the checksum! A checksum is a special number made by using math on the original program. You can download the checksum from vlc, then do the same math on the 3rd party download. If they match, you’re good.
Imagine a book. Let’s say you created a string of letters from every 100 words. That’s a kind of checksum. If someone bought a book from a publisher and wanted to verify it was that it was really written by you, they could get the checksum directly from you and follow your instructions to check every 100 characters. It’s difficult for the publisher to change significant portions of the writing without failing the checksum test
Latest Answers