Given the security oriented nature of this program, it would seem to warrant having reassurance that my connections to the website for updates is also secure and authenticated. I think it would be swell if we had a certificate for the server connection in order to be sure that the update we get is validated thoroughly.
Sourceforge has a certificate, but you are better off checking the MD5 hashes.
My favourite tool for this is Nero MD5 verifier.
don't use the md5sums to verify anything untrusted anymore. its pretty easy to create collisions for it nowadays.
use the sha1, sha256 or the pgp signatures.
I still haven't found an easy to use verifier that does anything but MD5. Being able to paste the hash, point to the file and press the go button is my idea of a utility people would use.
I came across Hashcheck, it seems to work pretty well.
It creates a Checksums tab in the shell's file properties dialog that includes SHA-1. You can paste the hash into a field in the tab to see if it matches (you need to remove the spaces between the octets). Or if you have a checksum file you can double click it and it will be checked against the file.
I've been using HashTab for years, http://www.implbits.com/hashtab.aspx
Log in to post a comment.