> > Forget for a moment the need to break into SQLite's servers > ...as you must, since if you can do that, then you don't need any of these attacks at all! You can just upload whatever you want and change the hash, since they're served from the same place. > That's the problem with this whole idea of hashed downloads. I don't understand why anyone has any confidence in them. > Now, if there were some sort of trusted third party who would download things, check them, hash them, and serve up their own hashes, that might be valuable, but I'd expect to pay enterprise IT service sort of prices to get it. I would think this argument pretty much defeats the request. A stronger hash provides NO more security as, in effect the hash provide NO security beyond knowing that the file came from the official domain. Anyone that can put a false file on the server can change the hash to compare to. The only use of the hash is to check a download from a mirror.