
ben-schaaf today at 1:19 PM

That sounds like it's only helpful for DDoS mitigation, in which case the attacker could trivially synthesize a correct checksum.


Replies

phire today at 2:05 PM

You don't have to use a publicly documented checksum.

If you use a cryptographically secure hashing algorithm, mix in a secret salt and use a long enough checksum, attackers would find it nearly impossible to synthesise a correct checksum.

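An added example, not code from either commenter, of the keyed checksum described in the reply above. It uses HMAC-SHA256 as the standard construction for mixing a secret into a hash; the token layout, the function names and the demo secret are assumptions made here.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret (assumption); a real service loads this from a secret store.
SERVER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
TAG_BYTES = 16  # 128-bit checksum, so a blind guess succeeds with probability 2**-128


def keyed_tag(secret: bytes, body: str) -> str:
    """HMAC-SHA256 over the token body, truncated to TAG_BYTES and hex-encoded."""
    mac = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return mac[:TAG_BYTES].hex()


def issue_token(secret: bytes = SERVER_SECRET) -> str:
    """Return '<random body>.<keyed checksum>' (hypothetical token layout)."""
    body = secrets.token_hex(16)
    return f"{body}.{keyed_tag(secret, body)}"


def checksum_ok(token: str, secret: bytes = SERVER_SECRET) -> bool:
    """Cheap pre-check that needs only the secret, so it can run before any lookup."""
    if not token.isascii():
        return False  # compare_digest rejects non-ASCII str; treat as invalid
    body, sep, tag = token.partition(".")
    if not sep or not body:
        return False
    # Constant-time comparison avoids leaking how many tag characters matched.
    return hmac.compare_digest(keyed_tag(secret, body), tag)


if __name__ == "__main__":
    good = issue_token()
    # Someone without the secret can run the same algorithm but gets a different tag.
    guessed = issue_token(secret=b"not-the-server-secret")
    print("issued token accepted:", checksum_ok(good))
    print("token made without the secret accepted:", checksum_ok(guessed))
```

Knowing the algorithm is not enough to produce a valid tag; the check fails unless the tag was computed with the server's secret.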