Hacker News new | past | comments | ask | show | jobs | submit login

An example may illustrate my point: download software zip/tar files from a non-secure link. Obtain the signature and checksum files over a secure link, and verify the integrity of the software offline.

Not every communication is about hiding personal stuff.




And then find that your file doesn't match, because your ISP brokenly injected a human-targeted message at the start of your download, or some proxy corrupted it by stripping out the executable (yes, this happens)...

Absolutely nothing is lost by encrypting the downloaded data as well.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: