"Are file hashes of files from a vendor a viable option for an additional security measure?"
Yes - for now. There was a time when the MD5 32-byte encryption algorithm could be used to safely verify any data; hashes have become longer and longer as computing power and parallel computing have advanced.
In general security is only necessary in proportion to the value of the data being protected. MD5 hashes are more than adequate for most verification purposes. Public key cryptography (RSA) protects nearly all financial transactions in the world today, but is relatively slow for transferring huge files
Quantum computing is expected to come of age in the next decade or two. Then, all bets are off.
Again, in general - it's not hard to protect critically important data from brute-force attacks. The primary cause of data breaches, by far, is human carelessness.
Sign in to Participate