Suggestion Verifying Data Integrity

    • Thread starter Deleted member 392097

    Deleted member 392097

    Guest
    It would be very useful for you to be given the launcher's SHA256 hash, so that you can verify the integrity of the data. Obviously to make sure that it has not been intercepted during the download, as SSL is not used (this has now changed, I will leave this in here just for the purposes of users being able to see how this thread started, but my latest message (at the time of this writing/editing) states that the SSL and security side of things is less of an issue now and not the main point of this thread any more), thus if there is no encrypted connection, then at least to allow people to verify the integrity of the application would be nice. This would also be beneficial for verifying that the data did not become corrupted along the way.
     
    Last edited by a moderator:

    Deleted member 392097

    Guest
    How would you make sure that the checksum is correct? :p
    Well, the developers would obviously get the MD5 hash of the launcher once they had finished working on it, and then check it a few times and then post it. And then you would be able to use it to check the launcher's integrity.
    How would you make sure that the checksum is correct? :p
    You would just have to trust that they had done it correctly, and that like most companies, had given you the right one.
     
    Joined
    Jan 22, 2014
    Messages
    1,047
    Reaction score
    299
    Well, the developers would obviously get the MD5 hash of the launcher once they had finished working on it, and then check it a few times and then post it. And then you would be able to use it to check the launcher's integrity.

    You would just have to trust that they had done it correctly, and that like most companies, had given you the right one.
    Rephrasing my point: How would you verify that the man in the middle didn't also manipulate the checksum? Checksums are only to verify transmission went without errors, not that you don't have some entity manipulating your traffic on purpose.
     

    Deleted member 392097

    Guest
    Rephrasing my point: How would you verify that the man in the middle didn't also manipulate the checksum? Checksums are only to verify transmission went without errors, not that you don't have some entity manipulating your traffic on purpose.
    Well, how do you verify that there is no man in the middle on any site? Probably getting a good strong SSL connection would be a first step though.
     

    Deleted member 392097

    Guest
    It's been a while since this thread has been active, but there have been some changes so I thought I would post here again. Now that the site is using an HTTPS connection, man-in-the-middle attacks are less likely to be successful in terms of actually changing the data. But there is still the issue of checking data integrity for corruption reasons. I think it would still be really good if checksums were provided so that users could check that the downloaded data didn't somehow get corrupted along the way.
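
The distinction debated in this thread, shown as an added example that is not part of any post or of the launcher's own tooling: a SHA-256 check catches accidental corruption, but it only catches deliberate modification when the digest comes from a channel the modifier cannot change. The byte strings and names below are constructed for illustration.

```python
import hashlib
import hmac
import io

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large downloads need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def verify(stream, published_hex):
    """Return True if the stream's SHA-256 matches the published hex digest."""
    actual = sha256_stream(stream)
    # Normalise case and whitespace, then compare without an early exit.
    return hmac.compare_digest(actual, published_hex.strip().lower())

# Constructed sample data: stand-ins for the launcher and what a user might receive.
ORIGINAL = b"launcher build bytes (constructed sample)" * 1000
CORRUPTED = ORIGINAL[:500] + b"\x00" + ORIGINAL[501:]  # one byte damaged in transit
TAMPERED = ORIGINAL + b"extra bytes added on purpose"

# Digest the developers would publish after building the launcher.
PUBLISHED = sha256_stream(io.BytesIO(ORIGINAL))

def scenarios():
    """Outcome of the check in the situations discussed in the thread."""
    # A digest fetched over the same unauthenticated channel as the file can be
    # replaced together with it, so it is recomputed here over the tampered bytes.
    same_channel_digest = sha256_stream(io.BytesIO(TAMPERED))
    return {
        "intact": verify(io.BytesIO(ORIGINAL), PUBLISHED),
        "corrupted": verify(io.BytesIO(CORRUPTED), PUBLISHED),
        "tampered_digest_same_channel": verify(io.BytesIO(TAMPERED), same_channel_digest),
        "tampered_digest_trusted_channel": verify(io.BytesIO(TAMPERED), PUBLISHED),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

Only the third scenario passes the check on modified data, which is why the digest needs to be served over HTTPS or signed rather than delivered next to the file over plain HTTP.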