How can users ensure the downloaded cysync app from CypherRock website is legit and not corrupted? #449
Comments
afungible
changed the title
|
Hi @afungible, Thank you for the valuable feedback. We totally agree with your concern. Displaying the I'll update this issue once it is published. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I received the CypheRock X1 wallet recently and was trying to set it up. I would like to point out fundamental missing information on your website "https://www.cypherock.com/get-started", which makes me a bit skeptical to get started.
The downloaded package for Linux "cypherock-cysync-2.0.3-linux-x86_64.AppImage" does not provide means to verify the hashes of the archive we download. This could become a security vulnerability in future.
As someone concerned with cryptographic security, I would strongly advise CypherRock team to highlight this step to users to verify the hashes of the archives downloaded from your website (not everyone understands Github). This will confirm that the files downloaded perfectly match the files uploaded by the CypherRockX1 development team. Please do not underestimate this step, a corrupted archive could result in loss of users funds. Better safe than sorry!
Thanks!
Afungi
The text was updated successfully, but these errors were encountered: