Message Board
Register

Re: Should I be worry about this site shutting dow

Posted by Danielle on .
You don't need to check all three hashes, it's practically impossible that a compromised ROM will have the same hash as the real one. While it's certainly not a bad idea to check all three, there's no need to operate under the assumption that it's less secure if you only check one. Considering the low likelihood that the ROM itself would be compromised in the first place (the most common vector for infection from a ROM site is through accidentally clicking a fake download button on a third-party ad), and the incredible rarity of preimage attacks on modern cryptographic hashes, you'd only be looking at the hash to make sure the download had no errors.

In reply to: Re: Should I be worry about this site shutting dow posted by archivist83 on .
Download ROMs from other sites, and check their hashes against redump (http://redump.org). Make sure to check all 3 hashes (CRC-32, MD5 and SHA1) because none of those are secure on their own