by martinknafve 3331 days ago
Wouldn't it make more sense to sign the binary then?
2 comments

Yeah, really silly that the legitimate binary for Handbrake isn't signed. Sure, if the intruder had compromised the hosting server then they might have also compromised the signing cert, but that's still an extra step.
Aren't both the same thing?

How else can you sign a binary?

OP was referring to creating a hash, signing the hash and publishing the signed hash on the web site.

The alternative would be to sign the actual binary file using code signing (internally I assume that relies on a hash).
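
The first approach from the comment above (hash the release, sign the hash, publish both), as an added example that is not part of the original thread. The file names, the throwaway RSA key and the use of `openssl` with `sha256sum` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a signed checksum file. All names and keys are constructed.

# Publisher side: hash the release, then sign the checksum file.
# In practice signing.key stays off the download server; only
# signing.pub, SHA256SUMS and SHA256SUMS.sig are published.
publish() {  # $1 = work dir, $2 = release file name
    ( cd "$1" || exit 1
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out signing.key 2>/dev/null
      openssl pkey -in signing.key -pubout -out signing.pub
      sha256sum "$2" > SHA256SUMS
      openssl dgst -sha256 -sign signing.key -out SHA256SUMS.sig SHA256SUMS )
}

# Downloader side: check the signature on the checksum file first,
# then check the download against the now-trusted checksum.
# Returns 0 if both pass, 2 on a bad signature, 3 on a hash mismatch.
verify() {  # $1 = work dir
    ( cd "$1" || exit 1
      openssl dgst -sha256 -verify signing.pub \
          -signature SHA256SUMS.sig SHA256SUMS >/dev/null 2>&1 || exit 2
      sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 3 )
}
```

The public key has to reach the downloader through a channel other than the download server, otherwise replacing it along with the binary defeats the check.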