CheckSum

Topics: Feature Requests, Users Discussion
Jan 8, 2016 at 12:50 PM
When I download the latest version of VeraCrypt, is there a location on this where I can get the checksum of the file to validate the authenticity of the file?

For Example: CheckSum for TrueCrypt 7.1a https://truecryptcheck.wordpress.com

Also, the same question above for the portable exe too?

Thanks
Marked as answer by WRVeraCrypt on 1/9/2016 at 11:23 AM
Jan 8, 2016 at 3:25 PM
Edited Jan 8, 2016 at 3:27 PM
There are checksums on the download page. However, if someone intercepts your download, that attacker can also intercept your access to the hash.
Jan 8, 2016 at 8:12 PM
Thank you for your reply.
Jan 8, 2016 at 8:38 PM
Edited Jan 8, 2016 at 8:42 PM
RandomNameforCode wrote:
However, if someone intercepts your download, that attacker can also intercept your access to the hash.
Can you explain in more detail what you meant when you wrote "that attacker can also intercept your access to the hash"? Do you mean that they can change the checksum on the website or the downloaded file?

Usually, I use another program to get the MD5 checksum of a file and compare it to the checksum on TrueCrypt's website.
Jan 9, 2016 at 5:34 PM
It's good to download the exe from one source (web page) and the checksum from a different one. Both should be https with proper certificates. With https it's very hard to tamper with your data, because your browser would display a warning. With unencrypted http, anyone on the path between you and the server can simply alter or replace the content you see. The one who changes something is usually your ISP; some of them add or replace the advertisements you see. If some force goes after you, they can, for example, plant a bug in your ISP's router which will inject evil code (like a keylogger) into any exe you download from a plain http website.
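The check described in the reply above, as an added example that is not part of the original post: the downloaded file is accepted only if two checksum listings fetched from different sources agree with each other and with the file's own hash. SHA-256, the `sha256sum`-style listing format, and all function and file names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_listing(text):
    """Parse 'digest  filename' lines (sha256sum format) into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0], parts[1].strip().lstrip("*")
        # Keep only well-formed 64-character hex digests; skip anything else.
        if len(digest) == 64 and all(c in string.hexdigits for c in digest):
            entries[name] = digest.lower()
    return entries

def verify(path, listing_a, listing_b):
    """Compare the file against checksum listings from two independent sources.

    Returns "ok", "missing", "sources-disagree" or "file-mismatch".
    """
    name = os.path.basename(path)
    a = parse_listing(listing_a).get(name)
    b = parse_listing(listing_b).get(name)
    if a is None or b is None:
        return "missing"            # a source does not list this file
    if not hmac.compare_digest(a, b):
        return "sources-disagree"   # one of the two listings was altered
    if not hmac.compare_digest(a, sha256_file(path)):
        return "file-mismatch"      # the download differs from what was published
    return "ok"
```

A "sources-disagree" result means the file should not be trusted even if it matches one of the listings, since there is no way to tell from the hashes alone which source was altered.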
Jan 9, 2016 at 6:23 PM
Thank you for the further explanation.