Generate crc32 checksum #521
Comments
|
Worth noting that CRC32 is not a "secure" checksum in the sense that it's very easy to generate collisions. So, it would be trivial for someone to download an ISO, modify it in some malicious way and also include a file made up of carefully calculated data that would make the checksum match afterwards. I know that the main point of the process is to verify that there wasn't any corruption. But there's the side benefit of verifying the iso you've downloaded is the same one we published too. So we definitely want to keep publishing the more "secure" hashes too. |
|
@davidmhewitt it turns out Etcher doesn't actually expose these as prominently anymore so it's probably a non-issue. I've updated the installation docs to use the built-in Windows method of verifying instead of Rufus' anyway. |
Etcher has started exposing the calculated crc32 checksum of an image after it's flashed; it would cut down on our documentation if we used that to verify both the download and the flashed drive.
The text was updated successfully, but these errors were encountered: