File integrity hash missing - Website download section

I tried to find the file integrity hash when downloading the installer. However I was unable to find the hash anywhere on the website published.

Desktop%20Installation%20Options

Where does the site say there is a “file integrity hash”?

I don’t see any part of the site saying anything about a hash…

That’s exactly the problem. There are no file hashes published on the website.
How is someone who downloads the installer going to verify the authenticity of the installer?

The binaries are code-signed iirc.

Meaning Windows and Mac won’t show the “this is from an unknown source” warning.

Also, file hashes don’t help. If you are worried about the file being modified, why would you not be worried the hashes posted on the download page could be modified?

The only way to verify binaries is using public key cryptography to sign them.

Then you need a system to verify you have a trustworthy public key for verification. Which microsoft and apple offer, called “code signing certificates”

If the installation process warns you, come back here and tell us the hash of the binary and where you downloaded from.

Also, if you ever make a fake website to distribute virus installers, post the hashes on your phishing site alongside them and your infection rate will go waay up :slight_smile:

2 Likes