Hacker News new | past | comments | ask | show | jobs | submit login

Forgive my numbness, but how does this work? How do you know the right signature to be verifying against? It seems (to my not-much-of-a-programmer mind) that you've got a chicken and egg scenario here.

But that's obviously not the case, so you can explain briefly how it works? Or just paste a link.


You move the UI messages into a separate resource file, as you would for language translation. The executable signature is unaffected by the changed UI messages.

Alternatively, you could use a broken hash and modify an unneeded string so as to produce a collision with the key you decided ahead of time.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact