Avoiding Trojans and Rootkits
Subject:   MD5 vs. PGP
Date:   2003-03-07 03:41:20
From:   anonymous2
You use an example of an ftp site with some files on it, and a file containing checksums to verify the integrity of these files. Let's presume the site in question has been hacked, and the software trojaned - it wouldn't take much for the attacker to modify the file containing MD5 sums to reflect the checksums on his modified version of the tarballs, etc.

In this instance I believe verifying PGP signatures would be a lot more reliable. For example, does this with its files. There is a helpful document on this here:
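
Added example, not part of the original comment: a shell walk-through of the scenario described above, using GnuPG 2.1 or later and GNU coreutils `md5sum`. The file name `tool-1.0.tar.gz`, the key identity and the throwaway directory are constructed for illustration, and one keyring stands in for both the maintainer and the downloading user.

```shell
#!/bin/sh
# Constructed demo: everything lives in a throwaway directory.
work=$(mktemp -d)
export GNUPGHOME="$work/gnupg"
mkdir -m 700 "$GNUPGHOME"
mkdir "$work/mirror"
cd "$work/mirror" || exit 1

# Maintainer side. Assumption: in practice the private key never touches the
# download server; here a single keyring plays maintainer and user.
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Constructed Release Key <release@example.invalid>' \
    default default never 2>/dev/null
printf 'genuine release contents\n' > tool-1.0.tar.gz
md5sum tool-1.0.tar.gz > MD5SUMS
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --detach-sign --armor tool-1.0.tar.gz   # writes tool-1.0.tar.gz.asc

# The two checks a user can run after downloading from the mirror.
check_md5() { md5sum --check --status MD5SUMS; }
check_sig() { gpg --batch --quiet --verify tool-1.0.tar.gz.asc tool-1.0.tar.gz 2>/dev/null; }

check_md5 && clean_md5=ok || clean_md5=FAIL
check_sig && clean_sig=ok || clean_sig=FAIL

# Compromised mirror, as the comment describes: the file is swapped and the
# checksum list next to it is regenerated to match. The .asc cannot be
# regenerated without the private key, so it stays as published.
printf 'modified release contents\n' > tool-1.0.tar.gz
md5sum tool-1.0.tar.gz > MD5SUMS

check_md5 && tampered_md5=ok || tampered_md5=FAIL
check_sig && tampered_sig=ok || tampered_sig=FAIL

# Summary: the colocated checksum still passes, the signature check does not.
printf '%-10s md5=%-4s sig=%s\n' \
    clean "$clean_md5" "$clean_sig" \
    tampered "$tampered_md5" "$tampered_sig"

gpgconf --kill gpg-agent 2>/dev/null
cd / && rm -rf "$work"
```

The signature check only holds if the public key was obtained through a channel other than the server being verified; a key fetched from the same compromised site can be replaced along with the files.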
