"verifying platform binaries" - reason behind it

This question is not about the lab/lesson itself but just a general pondering into the principle of this practice.
We verify the hash of the file to confirm a malicious user has not tampered with the original file. I get that. I know that this has been standard practice for ages. But how do you get the proper (verified) hash for the file in the first place? If the malicious actor could replace the binary, they could just as easily replace the published hash to reflect the compromised binary. So how does a user downloading and verifying the binary know they are using the hash published by the true author of the binary? Apologies if I have missed something obvious here.

Hello josephfchandy

When a user tries to download a file, this file gets shredded into smaller pieces. Each piece contains metadata about the next shred, making the whole file seem to be a very large chain. If one shred gets changed, the next and the previous shred will not be able to identify the changed one; that is when the file gets corrupted, as the whole file is changed now.

Thanks,
KodeKloud Support
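
The concern raised in the question, as an added example that is not part of the original thread: a checksum fetched from the same server as the binary still matches after both are replaced, while a digest obtained over a separate channel does not. The file name, the byte strings and the separate-channel digest are constructed assumptions.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def checksum_line(data: bytes, name: str) -> str:
    # Same layout as `sha256sum` output: "<hex digest>  <file name>"
    return f"{sha256_hex(data)}  {name}\n"

def expected_digest(checksum_text: str, name: str):
    """Return the digest listed for `name` in sha256sum-style text, or None."""
    for line in checksum_text.splitlines():
        digest, _, listed = line.strip().partition(" ")
        if listed.strip().lstrip("*") == name:
            return digest.lower()
    return None

def matches(data: bytes, digest) -> bool:
    # A missing entry is a failure, never a pass.
    return digest is not None and hmac.compare_digest(sha256_hex(data), digest)

# Constructed sample data (assumptions, not from the thread).
NAME = "tool-linux-amd64"
GENUINE = b"\x7fELF genuine release build"
TAMPERED = b"\x7fELF genuine release build + injected code"

# Digest the user obtained over a separate channel from the download
# (assumption: the attacker does not control that channel).
SEPARATE_CHANNEL_DIGEST = sha256_hex(GENUINE)

def evaluate(downloaded: bytes, checksums_from_same_server: str) -> dict:
    listed = expected_digest(checksums_from_same_server, NAME)
    return {
        "same_server_check": matches(downloaded, listed),
        "separate_channel_check": matches(downloaded, SEPARATE_CHANNEL_DIGEST),
    }

# Honest server: binary and checksum file are both the author's.
honest = evaluate(GENUINE, checksum_line(GENUINE, NAME))
# Compromised server: binary replaced and checksum file regenerated to match.
compromised = evaluate(TAMPERED, checksum_line(TAMPERED, NAME))

if __name__ == "__main__":
    print("honest     :", honest)
    print("compromised:", compromised)
```
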