
If a Hacker can edit download link, they can edit your SHA256 hash - hellbanner
Why do websites list SHA256 hashes next to their download links? If 1 is compromised, the other could be too?
======
infosecrf
You could always check the SHA256 from a separate device on separate network,
ie your smartphone.

~~~
czbond
Original poster is suggesting that if one can change the downloaded file on
the source location, then the same person can update the SHA256 string used to
"guarantee authenticity". They're not suggesting a MTM style attack where one
changes the string mid flight.

