Comment Re: SHA-1 is not "code-signing encryption"! (Score 1) 47
Possible catch-22
If there is a MITM, then both the download and the webpage can be manipulated.
So, the hashes can both match the download
The optimum committee has no members. -- Norman Augustine