1. Home
  2. Networking
  3. 802.11 security. wi-fi protected access and 802.11i

Appendix C. Verifying the Integrity of Downloaded Files

Appendix C. Verifying the Integrity of Downloaded Files

Recently, a trend has occurred in which a malicious Trojan horse is hidden in popular open source programs. The authors of the programs do not do this. Instead, it is done by attackers modifying the source at distribution points such as ftp download sites. The best way to ensure you don't install software that has been modified after the authors created the ZIP or TAR file is to check either the MD5 message digest or the GPG signature of the files you download. The latter is significantly better than the former because the attacker could have easily changed the MD5 value as well.

In this appendix, we walk through the process of verifying the code you download.



    		Praise for 'Real 802.11 Security: Wi-Fi Protected Access and 802.11i'
    		Preface
    		Acknowledgments
    		Part I: What Everyone Should Know
    		Part II: The Design of Wi-Fi Security
    		Part III: Wi-Fi Security in the Real World
    		Appendixes
    		Appendix A. Overview of the AES Block Cipher
    		Appendix B. Example Message Modification
    		Appendix C. Verifying the Integrity of Downloaded Files
    		Checking the MD5 Digest
    		Checking the GPG Signature
    		Acronyms
    		References