by Hyperized 3465 days ago
Don't use SHA-1 please.
2 comments

Verifying a downloaded file doesn't require a cryptographically secure hash function...
Of course it does, otherwise a malicious mirror can (theoretically) work to find a collision between their malware and the legitimate file and serve you the former.

There's no good reason not to use a secure hash function.

If your threat model involves an attacker who is able to achieve a hash collision while still implanting a sophisticated malware, you should probably avoid downloading software from random websites...
It would be pretty impressive, as they'd need their malware to both do what they want and exactly match that hash. Not impossible, just clever.
Well, it does require one that can't have collisions. Otherwise, what's the point in "verifying"?
There is no hash function that can't have collisions by definition.
*isn't known to have collisions, then
They have moved away from SHA-1, and are now using SHA-256. Previous releases were signed with SHA-1, and before that it was MD5: https://handbrake.fr/checksums.php

I'm not sure why they haven't retroactively calculated checksums for older versions.

But you're right that SHA-1 needs to stop being used: https://sites.google.com/site/itstheshappening/

These researchers have found the first "freestart" collision, and they estimate the SHA-1 collision cost to take a few months, costing between 75K$ and 120K$.

Practically speaking, I don't think anyone could make a profit by forging a Handbrake release, but the FBI probably do have some very high-profile targets who use video encoding software.
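
An added example, not part of the thread or of HandBrake's own tooling: a checksum verifier that infers the algorithm from the length of the published digest and refuses MD5 and SHA-1 digests unless explicitly overridden, which is the situation older releases with only weak checksums leave a downloader in. The function names, the refusal policy and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import io

# Hex digest length -> algorithm. The lengths are properties of the
# algorithms; which ones to accept is this example's assumed policy.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
COLLISION_BROKEN = {"md5", "sha1"}


def identify(published_hex):
    """Return the algorithm name implied by a published hex digest."""
    digest = published_hex.strip().lower()
    if any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("published checksum is not hexadecimal")
    try:
        return ALGO_BY_HEX_LEN[len(digest)]
    except KeyError:
        raise ValueError("unrecognised digest length: %d" % len(digest))


def verify(stream, published_hex, allow_weak=False):
    """Hash a binary stream in chunks and compare with the published digest.

    Returns (ok, algorithm). Raises ValueError when the published digest is
    MD5 or SHA-1 and allow_weak is False, so a match under a
    collision-broken function is never silently reported as verification.
    """
    algo = identify(published_hex)
    if algo in COLLISION_BROKEN and not allow_weak:
        raise ValueError(algo + " checksum refused: not collision resistant")
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(65536), b""):
        h.update(chunk)
    ok = hmac.compare_digest(h.hexdigest(), published_hex.strip().lower())
    return ok, algo


if __name__ == "__main__":
    release = b"constructed sample release bytes\n"  # constructed input
    good = hashlib.sha256(release).hexdigest()
    print(verify(io.BytesIO(release), good))         # matching file
    print(verify(io.BytesIO(release + b"x"), good))  # altered file
```

A checksum fetched from the same mirror as the file only detects corruption; the digest has to come from a channel the mirror does not control for the comparison to mean anything against a malicious mirror.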