You are here

Does the PortableApps Platform conduct any internal checks on the files it downloads?

3 posts / 0 new
Last post
lindatess
Offline
Last seen: 9 years 9 months ago
Joined: 2014-05-06 07:25
Does the PortableApps Platform conduct any internal checks on the files it downloads?

I came across this forum post, https://portableapps.com/node/18388, about using the digital signature to check if a file has been downloaded correctly.

I will be travelling to a country that is known to seed incorrect files for known encryption products and browsers. i.e. If you try to download EFF's TOR, you will get a fake version of tor that will install malware instead. This is why there are PGP signatures on the website along with the downloaded files.

I am thinking about manually downloading and checking the md5 and signatures of the paf.exe files instead of using the PortableApps platform, but this will mean I won't know when to update Google Chrome Portable and may leave myself vulnerable to a flash exploit.

Essentially, I was wondering whether the automated updates via the PortableApps Platform, have any md5 or digital signature check.

John T. Haller
John T. Haller's picture
Online
Last seen: 5 min 59 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Yes, MD5

The PA.c Platform checks the MD5 of each app it downloads against the one stored in the app database that it downloads first. The PA.c Installer does the same thing for apps like Google Chrome (the online installer internally has the MD5 it expects compiled in and will fail if the downloaded version of Chrome doesn't match).

Sometimes, the impossible can become possible, if you're awesome!

yasuo
Offline
Last seen: 9 years 8 months ago
Joined: 2006-05-10 07:13
how is the md5 database being

how is the md5 database being verified?
Is it protection against manipulation or only against packet loss?

It would be very easy to modify it on the transport, by using forced proxy and a few lines of php...

Log in or register to post comments