Is there any reason to verify a download checksum over HTTPS
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?
As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.
But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?
download https tls data-integrity
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
add a comment |
Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?
As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.
But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?
download https tls data-integrity
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
add a comment |
Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?
As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.
But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?
download https tls data-integrity
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
Assuming that both the page linking the download, and the download itself are on trusted domains over HTTPS, is there any reason to worry about checking the hash/checksum of the downloaded file (especially executables/installers, which are also not themselves signed by something the OS trusts)?
As I understand it the reason to do so is to catch download errors (although TCP should do this?) or malicious attacks infecting the files.
But HTTPS (TLS) should already provide full protection from those, so is there any further value in manual validation?
download https tls data-integrity
download https tls data-integrity
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
asked Jul 5 '17 at 1:07
Fire LancerFire Lancer
59021222
59021222
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.
I'm no security expert, but I know that TLS (HTTPS) does these 2 things:
- Verifies that the server you are connecting to is actually who they say they are.
For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority. - Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a
GETrequest and start sending you fake data, in place of the real data from the web server.
Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.
This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).
answered Jul 5 '17 at 1:14
IanIan
802411
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
add a comment |
Adding to Ian's response.
In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.
If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.
Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.
So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225749%2fis-there-any-reason-to-verify-a-download-checksum-over-https%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.
I'm no security expert, but I know that TLS (HTTPS) does these 2 things:
- Verifies that the server you are connecting to is actually who they say they are.
For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority. - Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a
GETrequest and start sending you fake data, in place of the real data from the web server.
Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.
This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).
answered Jul 5 '17 at 1:14
IanIan
802411
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
add a comment |
I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.
I'm no security expert, but I know that TLS (HTTPS) does these 2 things:
- Verifies that the server you are connecting to is actually who they say they are.
For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority. - Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a
GETrequest and start sending you fake data, in place of the real data from the web server.
Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.
This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).
answered Jul 5 '17 at 1:14
IanIan
802411
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
add a comment |
I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.
I'm no security expert, but I know that TLS (HTTPS) does these 2 things:
- Verifies that the server you are connecting to is actually who they say they are.
For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority. - Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a
GETrequest and start sending you fake data, in place of the real data from the web server.
Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.
This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).
answered Jul 5 '17 at 1:14
IanIan
802411
I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP.
I'm no security expert, but I know that TLS (HTTPS) does these 2 things:
- Verifies that the server you are connecting to is actually who they say they are.
For example if you type in https://microsoft.com and your traffic gets sent to https://badguys.com instead without your knowledge (DNS spoofing), you'll get a certificate error. Sure the bad guys could create a fake certificate on https://badguys.com that claims to be https://microsoft.com, but it won't be signed by a valid certificate authority. - Encrypts the traffic so that it cannot be read/altered by a Man-in-the-middle attack (MITM). In this scenario, someone can see all your network traffic. If you weren't using TLS they could detect a
GETrequest and start sending you fake data, in place of the real data from the web server.
Back on the topic of downloads, many sites distribute their large downloads to mirrors. If the mirror is compromised, the file can be replaced with a malicious version. Even if the mirror uses TLS, if it was hacked or wrongfully added to the mirror list, you can be downloading a malicious version from a HTTPS site. And of course if this happens, they will update the checksum on the mirror.
This is why you should never verify a download against a checksum from a mirror, only use the checksum from the original site (as per this question).
answered Jul 5 '17 at 1:14
IanIan
802411
edited Jul 5 '17 at 20:30
answered Jul 5 '17 at 1:14
IanIan
802411
answered Jul 5 '17 at 1:14
IanIan
802411
answered Jul 5 '17 at 1:14
IanIan
802411
802411
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
add a comment |
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
But how could corruption or a malicous edit possibly occur without breaking the TLS encryption and checksums, either causing a retransmit or failing the connection? In the same manner I cant just edit your "send payment" post to add some extra zeros (e.g. £5.00 -> £5000), while the TCP checksum can be forged or easily collide. Or are you saying it only matters when the download is a seperate mirror (and maybe that server itself is compromised)?
– Fire Lancer
Jul 5 '17 at 12:22
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
The latter is correct. I've written the answer with more detail.
– Ian
Jul 5 '17 at 20:30
add a comment |
Adding to Ian's response.
In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.
If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.
Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.
So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
add a comment |
Adding to Ian's response.
In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.
If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.
Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.
So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
add a comment |
Adding to Ian's response.
In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.
If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.
Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.
So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
Adding to Ian's response.
In a MITM attack, the man-in-the-middle won't be able to change the payload to something malicious, hence the checksum is useless.
If the MITM has root certs installed on client's machine, or is somehow able to manipulate the connection, then checksums are ALSO useless, because he can change the checksums that are displayed.
Against a server attack, the same thing should happen, if he already has access to the server, he will be able to change the checksum. But, if the server is split (download server and a server to show the download link/checksum), then it would be better to provide a checksum.
So I think the rule of thumb is: if the server that is displaying the checksum is the same that provides the download file, then the checksum is useless. If you have multiple mirrors, it's a must.
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
answered Feb 2 at 23:45
Lucca FerriLucca Ferri
1111
1111
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225749%2fis-there-any-reason-to-verify-a-download-checksum-over-https%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
