Great, thank you for this software! Any idea if there are trusted 3rd party hash... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

wyc on April 3, 2015 | parent | context | favorite | on: Hashpipe – Pipe iff the hash matches

Great, thank you for this software! Any idea if there are trusted 3rd party hashes for popular install scripts?

If a website wants you to:

curl "http://sketchyurl.com/script.sh" | hashpipe PRECOMPUTEDHASH | sh

it might be even worse, giving you only the facade of additional security.

_prometheus on April 3, 2015 [–]

That's a bigger problem, because we essentially need full PKI. My preferred solution is via http://ipfs.io -- but i may be a bit biased :)

I think we can get halfway there with a "signed hash" construction, but yeah-- PKI...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact