Checksum question

Discussion in 'macOS' started by SkVan, Jun 6, 2016.

  1. SkVan Suspended

    Joined:
    Jun 5, 2016
    #1
    Since Mavericks is no longer offered by Apple (either free of paid), I had a friend ask her classmate to upload a copy for me since she has it tied to her Mac App Store account.

    If the MD5 and SHA256 hashes match with the hashes of the legit download, can I be assured that the OS X installer has not been tampered with and is safe?
     
  2. BeefCake 15 macrumors 65816

    BeefCake 15

    Joined:
    May 15, 2015
    Location:
    near Boston, MA
    #2
    Correct.
     
  3. SkVan thread starter Suspended

    Joined:
    Jun 5, 2016
    #3
    Thanks.

    Are you aware of any reports of OS X itself being compromised by malware by hackers through modified downloads?

    Like, could an infected OS X image compromise a Mac's BIOS/EFI (whatever it's called, the boot) or would it only compromise the install of OS X (which could then be amended by a wipe+clean install)?

    Cheers.
     
  4. BeefCake 15 macrumors 65816

    BeefCake 15

    Joined:
    May 15, 2015
    Location:
    near Boston, MA
    #4
    That would be a huge breakthrough to be able to beat the MD5 and hashes of the OS X installation. I'm not aware of any compromise of that sort and don't expect it to be a big issue as the majority of OS X installation come from the App Store to the users.
     
  5. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #5
    MD5 is broken since 2005. SHA-256 and SHA-512 are the current standards for cryptographic file checksums.
     

Share This Page