10 May
2017
10 May
'17
5:20 a.m.
On Tue, 2017-05-09 at 15:22 +0200, Maren Hachmann wrote:
Am 09.05.2017 um 13:16 schrieb LucaDC: ...
encrypting/decrypting can be a way but a separate checksum could be just as good and it should always be the way for distributed binaries, because corruption could happen before encryption or while saving the file on the receiving computer's hard disk, after the browser has decrypted data.
- We do both. Uploads can be signed or 'checksummed' by the uploader.
This checksum (md5) or preferably gnupg signature is checked by the server and the upload is marked as verified automatically. This ensures at least the upload is correct. For the download the user can download the same signature or md5 and check their copy too.
Martin,