Open Bug 452509 Opened 16 years ago Updated 2 years ago

Make download fingerprint checking simple

Categories

(Firefox :: File Handling, defect)

x86
macOS
defect

People

(Reporter: bob.lord, Unassigned)

Details

Attachments

(1 file)

Today it's very tedious to check the fingerprints of downloads. When I download a file and the owner has given me the fingerprint to check, it's not clear what to do. See the attached image for an example.

This particular vendor has a web page that helps me along. It says:

=====
How to verify a SHA1 checksum

Checksums computed on the content of downloaded files are a way to verify that the content is authentic and has neither been altered by an unauthorized third party, nor been damaged during the transfer process across the Internet. To compute such a checksum with the help Mac OS X, Apple recommends the use of the so-called SHA1 standard (Secure Hash Algorithm Version 1). Apple is using this method for their own security updates as well. For more information please also refer to Apple Knowledge Base document 75510.

Perform the following steps:

1. Make sure you have the icon of the downloaded file displayed somewhere in the Finder.
2. Open the Terminal application.
3. Enter the command /usr/bin/openssl sha1 into the Terminal window but don't press the Return key (Enter) yet. Instead, enter a blank character (space bar) after the "1".
4. Drag the icon of the downloaded file from the Finder window into the Terminal window. A path specification will appear in the Terminal window.
5. Now press the Return key (Enter).
6. You will see output similar to the following example: SHA1(path specification)= 2eb722f340d4e57aa79bb5422b94d556888cbf38. The long sequence of digits and letters is the SHA1 checksum. Compare it to the checksum the file should have. (The correct checksum is mentioned on our respective download page). If it is identical, the file will be authentic.
7. Quit the Terminal application.
=====

That's quite a mouthful! :-)

And another problem is that many people look at just the first few bytes or the last few bytes. Humans are not good at quickly comparing long strings unless they are visually on top of each other.

Random idea: how about if FF compares the hash of the file against the hash on the *clipboard*? It could either display several of the most popular hashes on the Downloads window. Or it could walk through all of them until it found one that matched the clipboard. It could then display a success message.

Too geeky a thing to consume UI? How about not showing any UI unless there is a hex number of a certain length on the clipboard? Only then show some UI.

Related bug? Bug 292481 (link-fingerprints) – Support link fingerprints for downloads (file checksum/hash in href attribute)
Severity: normal → S3
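
The clipboard comparison proposed in the report, written out as an added example (it is not Firefox code and not from the reporter). The function names, the list of algorithms and the use of Node.js crypto are assumptions; the sample "download" is the constructed 3-byte input abc with its standard SHA-1 test vector.

```javascript
// Added example, not Firefox code. Names and algorithm list are assumptions.
const crypto = require('crypto');

// Hex digest length -> hash names accepted by Node's crypto.createHash().
const ALGOS_BY_HEX_LENGTH = { 32: ['md5'], 40: ['sha1'], 64: ['sha256'], 128: ['sha512'] };

// Pull a candidate digest out of clipboard text. Accepts a bare hex string,
// hex grouped with spaces or colons, or "SHA1(path)= <hex>" as openssl prints it.
// Returns lowercase hex, or null when nothing digest-shaped is present.
function parseClipboardDigest(text) {
  const tail = String(text).split('=').pop();
  const hex = tail.replace(/[\s:]/g, '').toLowerCase();
  if (!/^[0-9a-f]+$/.test(hex)) return null;
  return ALGOS_BY_HEX_LENGTH[hex.length] ? hex : null;
}

// Decide what the Downloads UI would show for one finished download:
//   no-candidate -> clipboard holds no digest-length hex number, show nothing
//   match        -> some algorithm of that length reproduces the clipboard value
//   mismatch     -> a digest was on the clipboard but no algorithm reproduced it
function checkDownload(fileBytes, clipboardText) {
  const expected = parseClipboardDigest(clipboardText);
  if (expected === null) return { status: 'no-candidate' };
  const tried = ALGOS_BY_HEX_LENGTH[expected.length];
  for (const algorithm of tried) {
    const actual = crypto.createHash(algorithm).update(fileBytes).digest('hex');
    // Whole-string comparison: a digest that differs only in its last
    // character is still a mismatch, unlike an eyeballed prefix check.
    if (actual === expected) return { status: 'match', algorithm };
  }
  return { status: 'mismatch', tried };
}

// Constructed sample: file content "abc" and an openssl-style line on the clipboard.
const sampleFile = Buffer.from('abc');
const sampleClipboard = 'SHA1(/tmp/abc.bin)= a9993e364706816aba3e25717850c26c9cd0d89d';
console.log(checkDownload(sampleFile, sampleClipboard));
```
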