You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The hashing is to check for file integrity, not security. If getmonero/repo is compromised changing the hash is trivial. Verifying the signature determines authenticity and ensures security, the particular hash function used doesn't really matter, though it's always good to have more.
Since SHA256 is vulnerable to length extension attacks, the downloads page of getmonero.org should include at least the SHA3 hash for each file.
The text was updated successfully, but these errors were encountered: