On 21/02/2012 04:18, Alex Harui wrote:
What is wrong about an approach where the "loader.swf" has MD5 hash of the files? It has to load and check the loaded files before initializing them. The man-in-the-middle would need toI don't think we can find a way to know that a file downloaded from one mirror is the same as one coming from another mirror without downloading it in the first place.
provide a hacked swf with the same md5 ... hard to archieve.
yours Martin.
