What is a signature and why should I check it?

The fact that you're using Pidgin means that you have some level of trust in the authors, but it's not beyond the realm of possibility that someone else could make an "evil" patched version of Pidgin which would steal your sensitive data without your knowledge. When you download a file from the internet, unless you take additional steps, you don't have a good way of knowing whether the file has been tampered with. If you were to somehow end up with the "evil" version instead of the official release, how would you know the difference? This is where signatures come in. File signatures are very similar in principle to signing both the back of your credit card and a credit card receipt (pretending, for the purpose of this example, that the signature on a credit card receipt isn't trivially easy to forge).