On Fri, Feb 24, 2017 at 11:59 PM, Helmut K. C. Tessarek <tessa...@evermeet.cx> wrote: > > On 2017-02-24 23:45, William A Rowe Jr wrote: > >> We provide .asc pgp signatures exclusively for that purpose. > > I agree, gpg is the only way to check the authenticity of a file. > > However, people who use hashes to do this (for reasons I previously > mentioned) are in a lot safer spot, because it's most likely impossible > for an adversary to create a collision.
There is no need to generate a collision. If evilmirror.net/httpd/ fools users into thinking the .sha256 files on their site are legitimate, or if there is an MITM DNS spoof of www.apache.org, the faux-httpd-2.4.25.tar.gz.sha256 file is simply replaced with a hash result that matches the file. Our official downloads.html page links https://www.apache.org/dist/httpd/ files for all PGP sigs and hashes, but that presumes the user steps through the website in the typical way. "People who use hashes to do this" are not doing themselves favors.
