by sprin
3662 days ago
Fantastic! While not as bulletproof as receiving the hash out-of-band for a critical resource, this is better than verifying against a hash received from the same origin as the resource, and far better than no hash verification at all. And because this is FOSS, we can gain some protection against the compromise or MITM of a single, central hash-archive server when many of them are deployed by distinct entities on different public domains.

One request: there are lots of users who would be well-served by a way to compute hashes in-browser via the WebCryptoAPI [1]. Would you consider accepting this feature into hash-archive? For users who aren't able to install or have difficulty using a hash calculator locally, this would enable verification of downloaded files in a one-stop online workflow.

[1] https://www.w3.org/TR/WebCryptoAPI/

edit: I stood up an instance here, and I'll make an effort to keep it running and updated: https://hash-archive.probablybroken.com/