MDHashTool
Link Fingerprints Support in MDHashTool
"Link Fingerprints" is a scheme originally proposed by Gervase Markham for embedding checksum information in links pointing to files intended for distribution. Binding a file's checksum to its URL allows a recipient to easily, and potentially automatically, verify that his downloaded copy of a file matches the original, even if the file is not being hosted on the originator's own site (e.g. files downloaded from mirrors). By comparing the reference checksum value included in the URL to the actual value computed for your copy of the file and verifying that they match, you can be reasonably certain that the file has not been altered.
where the "link fingerprint" component, #!md5!b3187251c16675ac7d20bb762ad53967, consists of the following elements:

| Element | Meaning |
|---|---|
| #! | link fingerprint identifier |
| md5 | checksum algorithm type |
| ! | separator character |
| b3187251c16675ac7d20bb762ad53967 | hexadecimal checksum string |

By default, MDHashTool (version 0.4+) will indicate links which contain a valid "link fingerprint" by displaying a fingerprint icon ![[md5] checksum-enhanced link this is a checksum-enhanced link](linkfprint22.gif) after the link text or image. Menu items for viewing a link's fingerprint information and for copying the embedded checksum to the clipboard will appear in the context menu when right-clicking on such links.

Downloads which originate from URLs containing valid link fingerprints can be automatically verified using the checksum information embedded in the link. When this feature is enabled (on by default), MDHashTool will compute the checksum for a downloaded file using the algorithm specified in the link fingerprint and compare it to the expected value. If the computed value doesn't match the expected value included in the corresponding URL, an alert dialog will be displayed:

Note that this message simply indicates that there is a mismatch between the computed checksum for the file and the expected value embedded in the link. Before you conclude that the file is corrupt or has been tampered with, you may wish to verify that the link fingerprint information supplied by the file originator was generated correctly and is up to date.

When enabled, this Auto Checksum Verification occurs autonomously upon download completion: MDHashTool detects when a file has been downloaded from a source URL that contains a valid link fingerprint, and performs the checksum comparison without further prompting. In other words, you simply save a file in the usual manner (by selecting "Save link as...", or, in some cases, by loading the URL via the address bar), and the checksum verification will be done automatically when applicable. Obviously, this applies only to downloads originating from LF-enhanced links.
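
As an added illustration (not MDHashTool's own code), the following Python example parses a link fingerprint from a URL fragment and performs the comparison described above, distinguishing a mismatch from a link with no valid fingerprint. The URLs, payload and function names are constructed for the example, and accepting sha1 and sha256 alongside md5 is an assumption; this page only shows md5.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Digest length in hex characters per algorithm. The page only shows md5;
# sha1 and sha256 are assumptions added for illustration.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
# Fragment layout after '#': "!" + algorithm + "!" + hexadecimal checksum
FRAGMENT_RE = re.compile(r"!([a-z0-9]+)!([0-9a-fA-F]+)")


def parse_link_fingerprint(url):
    """Return (algorithm, expected_hex), or None if there is no valid fingerprint."""
    fragment = urlsplit(url).fragment  # everything after '#'
    match = FRAGMENT_RE.fullmatch(fragment)
    if not match:
        return None
    algo, digest = match.group(1), match.group(2).lower()
    # Reject unknown algorithms and truncated or over-long checksum strings.
    if HEX_LEN.get(algo) != len(digest):
        return None
    return algo, digest


def verify_download(url, data):
    """Return 'no-fingerprint', 'match' or 'mismatch' for the downloaded bytes."""
    parsed = parse_link_fingerprint(url)
    if parsed is None:
        return "no-fingerprint"
    algo, expected = parsed
    actual = hashlib.new(algo, data).hexdigest()
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample: a fake payload and a mirror link fingerprinted from it.
PAYLOAD = b"constructed sample file contents\n"
GOOD_URL = "http://mirror.example/sample.bin#!md5!" + hashlib.md5(PAYLOAD).hexdigest()

if __name__ == "__main__":
    print(verify_download(GOOD_URL, PAYLOAD))                 # match
    print(verify_download(GOOD_URL, PAYLOAD + b"tampered"))   # mismatch
    print(verify_download("http://mirror.example/sample.bin", PAYLOAD))  # no-fingerprint
```
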
To disable the "link fingerprint" icon display or the automated checksum verification feature, modify the appropriate setting via the preferences dialog.
Once you've installed MDHashTool, you can familiarize yourself with its LF-related features by reviewing examples of valid and invalid link fingerprints presented on the demonstration page.