Is there any reason to verify a download checksum over HTTPS





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







2















Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?



As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.



But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?










share|improve this question





























    2















    Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?



    As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.



    But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?










    share|improve this question

























      2












      2








      2


      1






      Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?



      As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.



      But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?










      share|improve this question














      Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?



      As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.



      But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?







      download https tls data-integrity






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jul 5 '17 at 1:07









      Fire LancerFire Lancer

      59021222




      59021222






















          2 Answers
          2






          active

          oldest

          votes


















          5














          I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.



          I'm no security expert, but I know that TLS (HTTPS) does these 2 things:




          1. Verifies that the server you are connecting to is actually who they say they are.

            For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority.

          2. Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a GET request and start sending you fake data, in place of the real data from the web server.


          Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.



          This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).






          share|improve this answer


























          • But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

            – Fire Lancer
            Jul 5 '17 at 12:22













          • The latter is correct. I've written the answer with more detail.

            – Ian
            Jul 5 '17 at 20:30



















          1














          Adding to Ian's response.



          In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.



          If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.



          Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.



          So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225749%2fis-there-any-reason-to-verify-a-download-checksum-over-https%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            5














            I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.



            I'm no security expert, but I know that TLS (HTTPS) does these 2 things:




            1. Verifies that the server you are connecting to is actually who they say they are.

              For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority.

            2. Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a GET request and start sending you fake data, in place of the real data from the web server.


            Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.



            This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).






            share|improve this answer


























            • But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

              – Fire Lancer
              Jul 5 '17 at 12:22













            • The latter is correct. I've written the answer with more detail.

              – Ian
              Jul 5 '17 at 20:30
















            5














            I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.



            I'm no security expert, but I know that TLS (HTTPS) does these 2 things:




            1. Verifies that the server you are connecting to is actually who they say they are.

              For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority.

            2. Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a GET request and start sending you fake data, in place of the real data from the web server.


            Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.



            This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).






            share|improve this answer


























            • But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

              – Fire Lancer
              Jul 5 '17 at 12:22













            • The latter is correct. I've written the answer with more detail.

              – Ian
              Jul 5 '17 at 20:30














            5












            5








            5







            I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.



            I'm no security expert, but I know that TLS (HTTPS) does these 2 things:




            1. Verifies that the server you are connecting to is actually who they say they are.

              For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority.

            2. Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a GET request and start sending you fake data, in place of the real data from the web server.


            Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.



            This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).






            share|improve this answer















            I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.



            I'm no security expert, but I know that TLS (HTTPS) does these 2 things:




            1. Verifies that the server you are connecting to is actually who they say they are.

              For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority.

            2. Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a GET request and start sending you fake data, in place of the real data from the web server.


            Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.



            This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jul 5 '17 at 20:30

























            answered Jul 5 '17 at 1:14









            IanIan

            802411




            802411













            • But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

              – Fire Lancer
              Jul 5 '17 at 12:22













            • The latter is correct. I've written the answer with more detail.

              – Ian
              Jul 5 '17 at 20:30



















            • But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

              – Fire Lancer
              Jul 5 '17 at 12:22













            • The latter is correct. I've written the answer with more detail.

              – Ian
              Jul 5 '17 at 20:30

















            But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

            – Fire Lancer
            Jul 5 '17 at 12:22







            But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?

            – Fire Lancer
            Jul 5 '17 at 12:22















            The latter is correct. I've written the answer with more detail.

            – Ian
            Jul 5 '17 at 20:30





            The latter is correct. I've written the answer with more detail.

            – Ian
            Jul 5 '17 at 20:30













            1














            Adding to Ian's response.



            In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.



            If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.



            Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.



            So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.






            share|improve this answer




























              1














              Adding to Ian's response.



              In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.



              If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.



              Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.



              So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.






              share|improve this answer


























                1












                1








                1







                Adding to Ian's response.



                In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.



                If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.



                Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.



                So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.






                share|improve this answer













                Adding to Ian's response.



                In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.



                If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.



                Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.



                So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Feb 2 at 23:45









                Lucca FerriLucca Ferri

                1111




                1111






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225749%2fis-there-any-reason-to-verify-a-download-checksum-over-https%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Plaza Victoria

                    Puebla de Zaragoza

                    Musa