Comment Re: SHA-1 is not "code-signing encryption"! (Score 1) 47
Possible catch-22
If there is a MITM, then both the download and the webpage can be manipulated.
So, the hashes can both match the download
Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall