1 upvotes, 1 direct replies (showing 1)
No, it can't. If the hash/checksum is sent with the page, a man-in-the-middle would just regenerate a new one and send it. Hashes are sometimes used to check the integrity of large file downloads, but the hash is sent separately, and it won't really protect against malicious actors if it's being served from the same site and downloaded at about the same time as the file.
It could be prevented with signatures, which can be validated by a public key that everyone has, but can only be generated by a private key that the sender has. Public key cryptography is orders of magnitude slower than symmetric key crypto, so to avoid "wasting cycles," signatures can be used to verify the identity of the participants to each other, then public key crypto can be used to securely exchange a key to be used for symmetric crypto afterwards. Which is exactly what TLS does.
To mitigate the possibility of a man-in-the-middle giving you a phony public key, Gemini encourages TOFU (trust on first use), which means you keep the server's public key on file after you get it the first time. So to make you trust a man-in-the-middle, they would have to intercept your very first access to a server, which is harder to do and obvious if they get it wrong.
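The three situations the comment above describes, as an added example that is not part of the original thread or of any Gemini client: a hash shipped with the page is re-generated by the attacker and the naive check still passes; a signature over the body is caught when the body is changed; and a TOFU store pins the key seen on first contact so that an attacker who re-signs with their own key is rejected later, while an attacker who owns the very first access does get their key pinned. Ed25519 raw keys stand in for the TLS certificate a real Gemini client would pin, and the `Page` struct, the `MITM*` helpers and the sample page bodies are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Page models one server response: the body plus the integrity data that travels
// with it in the same response. Hypothetical layout, constructed for this example.
type Page struct {
	Body []byte
	Hash []byte            // SHA-256 of Body, sent alongside it (no secret involved)
	Sig  []byte            // Ed25519 signature over Body
	Pub  ed25519.PublicKey // the public key the response claims is the server's
}

// ServePage is the honest server: it hashes and signs the body with its own key.
func ServePage(body []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) Page {
	sum := sha256.Sum256(body)
	return Page{Body: body, Hash: sum[:], Sig: ed25519.Sign(priv, body), Pub: pub}
}

// VerifyHash is the naive client check: recompute the hash that came with the page.
func VerifyHash(p Page) bool {
	sum := sha256.Sum256(p.Body)
	return bytes.Equal(sum[:], p.Hash)
}

// MITMReplaceAndRehash swaps the body and simply regenerates the hash; the
// signature and key are passed through untouched.
func MITMReplaceAndRehash(p Page, evil []byte) Page {
	sum := sha256.Sum256(evil)
	return Page{Body: evil, Hash: sum[:], Sig: p.Sig, Pub: p.Pub}
}

// MITMReplaceAndResign swaps the body, signs it with the attacker's own key and
// presents the attacker's public key as if it were the server's.
func MITMReplaceAndResign(evil []byte, atkPub ed25519.PublicKey, atkPriv ed25519.PrivateKey) Page {
	sum := sha256.Sum256(evil)
	return Page{Body: evil, Hash: sum[:], Sig: ed25519.Sign(atkPriv, evil), Pub: atkPub}
}

var (
	ErrKeyChanged   = errors.New("server key does not match the pinned key")
	ErrBadSignature = errors.New("signature does not verify under the pinned key")
)

// TOFUStore remembers the first public key seen for each host.
type TOFUStore map[string]ed25519.PublicKey

// Verify applies trust-on-first-use: pin the key on first contact, then require the
// signature to verify under the pinned key, never under the key the response carries.
func (s TOFUStore) Verify(host string, p Page) error {
	pinned, seen := s[host]
	if !seen {
		pinned = p.Pub
		s[host] = pinned
	} else if !bytes.Equal(pinned, p.Pub) {
		return ErrKeyChanged
	}
	if !ed25519.Verify(pinned, p.Body, p.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Outcome records what each check decided; every field is expected to be true.
type Outcome struct {
	HashPassesAfterTamper bool // the shipped hash is fooled by rehashing
	SigFailsAfterTamper   bool // a signature catches the body change
	FirstContactOK        bool // TOFU pins the real key on first access
	LaterRealPageOK       bool // later pages from the real server still verify
	ResignRejected        bool // an attacker re-signing with their own key is rejected
	FirstContactHijacked  bool // if the attacker owns the first access, the wrong key is pinned
}

func RunScenario() (Outcome, error) {
	srvPub, srvPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	atkPub, atkPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	// Constructed sample bodies in gemtext link-line style.
	real := ServePage([]byte("=> gemini://example.net/ genuine link"), srvPub, srvPriv)
	evil := []byte("=> gemini://attacker.example/ phishing link")

	var o Outcome
	tampered := MITMReplaceAndRehash(real, evil)
	o.HashPassesAfterTamper = VerifyHash(tampered)
	o.SigFailsAfterTamper = !ed25519.Verify(real.Pub, tampered.Body, tampered.Sig)

	store := TOFUStore{}
	o.FirstContactOK = store.Verify("example.net", real) == nil
	o.LaterRealPageOK = store.Verify("example.net", ServePage([]byte("# second page"), srvPub, srvPriv)) == nil
	o.ResignRejected = errors.Is(store.Verify("example.net", MITMReplaceAndResign(evil, atkPub, atkPriv)), ErrKeyChanged)

	hijacked := TOFUStore{}
	o.FirstContactHijacked = hijacked.Verify("example.net", MITMReplaceAndResign(evil, atkPub, atkPriv)) == nil
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The key design point is in `Verify`: the signature is checked under the pinned key, not under `p.Pub`. A client that verified under whatever key arrived with the response would accept the re-signed page, because the attacker's signature is valid under the attacker's key; only the stored key turns a key swap into a detectable event. The last case shows the limit the comment mentions: TOFU has nothing to compare against on the very first contact.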
Comment by tinspin at 17/01/2025 at 00:17 UTC
0 upvotes, 1 direct replies
https://datatracker.ietf.org/doc/html/rfc2289
You have to salt the hash... so that the MITM can't fake things.
I'm still very surprised there are C coders that never used Java and cryptography experts that never used 2289!