by lsedgwick 997 days ago
Either the site really doesn't support https (odd, since it is the very page that supplies the verification hashes!) or something more scary is actually happening and it's getting universally man-in-the-middled, which feels plausible for a site that offers cryptographic tools for download.
2 comments

It serves the cert for 0pointer.net, which is served from the same IP. I think it is more likely to be a poorly configured personal site than something nefarious.

If you are concerned, 0pointer.net has contact info.

What tools are you seeing offered for download there?

Yeah it’d be better to use https since it lists some checksums, but it was last updated in 2018, and Debian packages are verified anyway.

It contains an http link to "ssss-0.5.tar.gz", which I would assume is meant to be a source code archive. That really looks suspicious.

My apologies, I didn’t realize those were links.

Hopefully anyone interested for more than academic reasons does their research on the range of solutions more widely available.

To be fair, the color is misleading. I associate red text with dead links and that is the only reason I checked what they point at.