You can download an ISO image through the torrents, and it will also pull down a file - unsigned - containing the calculated SHA256 signature. See the section “Manually Verify the Signature on the ISO (Direct Download)”, below. If it somehow were not, an attacker could present a “loaded” image and a matching SHA256 signature on the fake web page. This is quick and easy, but potentially susceptible to subversion via a DNS poisoning: it assumes that the site to which, for example, the domain “” resolves is in fact the actual Kali Linux site. You can download an ISO image from an official Kali Linux “Downloads” mirror, calculate the ISO’s SHA256 hash and compare it by inspection with the value listed on the Kali Linux site. Each provides a certain level of assurance, and involves a corresponding level of effort on your part. There are several methods for verifying your download.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |