User-friendly checksum validation on Mac OS?
I'm not entirely sure if this a SO or SF question, but I'll give it a go here.
We're offering DMGs for download and a MD5 checksum to go with each. The question is how to instruct users of how to actually checks开发者_C百科um and compare with the given checksum. Users aren't going to be all that tech savvy.
One idea was to produce a copy-paste bash command (a string built with the current checksum) which when executed says "yes" or "no". But that involves the user pulling up the Terminal, which isn't very friendly and means that most users don't know what they're doing. 'Black magic' isn't good for security.
Another idea would be to provide a GUI app to do the verification, but that would require initial trust, which breaks the point of offering a checksum.
So how do you boot-strap this kind of thing?
I was explaining this verification concept to a "beginer level" audience. They understood the concept of ensuring the checksum generated from the download needed to actually match the software author's actual checksum.
It was pointed out that checking manually was long winded and human error prone. The simplest method was to use Finder
within Terminal
(cmd & f) and then simply pasting in your own generated checksum and then "finding" the author's genuine checksum thus confirming a match!
精彩评论