Security

Recommended Resources

Your security needs may be different than others, depending on your location, your needs, and your particular threat model. Lantern recommends the following sources for understanding and identifying your particular security needs.

• Consumer Reports | Security Planner (https://securityplanner.consumerreports.org/)
• Miaan Digital Security Helpdesk | Assistance (https://miaan.org/projects/miaan-digital-security-helpdesk/)

Verify a File Download

How to validate that a client application file is authentic, even if downloaded through an untrusted network.

Hash functions can be used to create a unique digital signature -- a hash -- for any file. Lantern captures this hash when our application is compiled and publishes them on GitHub: lantern-binaries. Users can run the same hash function (SHA256) on downloaded copies to assure they are an exact match, proving the file to be an authentic and unaltered copy of the original.

Most operating systems have built-in hash functions. Follow the steps below for your operating system to generate the hash for a file.

[!IMPORTANT] Make sure to replace C:\file\path\my_file.exe or /path/to/my_file with the actual path to the file.

MacOS or Linux

From your preferred terminal application, run the following command:

openssl dgst -sha256 /path/to/my_file

Windows

Command Prompt

1. Press Windows+R to open the Run box
2. Type cmd and click OK.
3. The Command Prompt window will open.
4. Run the following command:

certutil -hashfile C:\file\path\my_file.exe SHA256

Power Shell

1. Press Windows+R to open the Run box
2. Type powershell and click OK.
3. The Windows PowerShell window will open.
4. Run the following command:

Get-FileHash C:\file\path\my_file.exe -Algorithm SHA256