0 upvotes, 1 direct replies (showing 1)
That can be avoided much more easily by using a hash/checksum, no?
Comment by shavetheyaks at 16/01/2025 at 18:58 UTC
1 upvotes, 1 direct replies
No, it can't. If the hash/checksum is sent with the page, a man-in-the-middle would just regenerate a new one and send it. Hashes are used to check integrity of large file downloads sometimes, but the hash is sent separately, and won't really protect from malicious actors if it's being served up on the same site and downloaded at about the same time as the file.
It could be prevented with signatures, which can be validated by a public key that everyone has, but can only be generated by a private key that the sender has. Public key cryptography is orders of magnitude slower than symmetric key crypto, so to avoid "wasting cycles," signatures can be used to verify the identity of the participants to each other, then public key crypto can be used to securely exchange a key to be used for symmetric crypto afterwards, which is exactly what TLS does.
To mitigate the possibility of a man-in-the-middle giving you a phony public key, Gemini encourages TOFU (trust on first use), which means you keep the server's public key on file after you get it the first time. So to make you trust a man-in-the-middle, they would have to intercept your very first access to a server, which is harder to do and obvious if they get it wrong.
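The three points in the reply above (a shipped checksum can be regenerated by whoever rewrites the page, a signature under a key the client already holds cannot, and TOFU pinning rejects a key that changes after first contact), as an added Go example that is not part of the thread and not code from any Gemini client. It uses an Ed25519 key pair as a stand-in for the server's TLS certificate key, and `PinStore`, `newServerKey` and the host names are assumed names constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// shipWithHash models a checksum sent alongside the page: whoever rewrites the
// page can run this same function, so a matching hash proves nothing about origin.
func shipWithHash(page []byte) (content, sum []byte) {
	h := sha256.Sum256(page)
	return page, h[:]
}

// hashCheckPasses is the client-side check: recompute and compare.
func hashCheckPasses(content, sum []byte) bool {
	h := sha256.Sum256(content)
	return string(h[:]) == string(sum)
}

// newServerKey generates the server's Ed25519 key pair (stand-in for its cert key).
func newServerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Only the holder of priv can produce a signature the pinned public key accepts,
// so a rewritten page, or one signed with a substituted key, fails verification.
func signPage(priv ed25519.PrivateKey, page []byte) []byte { return ed25519.Sign(priv, page) }
func verifyPage(pinned ed25519.PublicKey, page, sig []byte) bool {
	return ed25519.Verify(pinned, page, sig)
}

// PinStore is the TOFU record (assumed name): the first key seen for a host is
// stored and every later connection must present the same key.
type PinStore map[string]ed25519.PublicKey

func (s PinStore) Check(host string, presented ed25519.PublicKey) bool {
	pinned, seen := s[host]
	if !seen {
		s[host] = presented // trust on first use
		return true
	}
	return pinned.Equal(presented) // key changed: possible MITM, refuse
}
```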