Registered Member
Hi!
Here is my proposal: I think it's actually quite annoying to check MD5 ourselves, and I suppose most people don't even do the check. So I thought: what if, whenever a file is copied from an HTTP/FTP input, KIO checked whether an MD5 file exists for this file and itself compared the MD5 file with the downloaded file (if you download http://mescouilles.com/caca.iso, it checks for a possible http://mescouilles.com/caca.iso.md5)? And if the MD5 doesn't match, it would just show an error window saying: "MD5 doesn't match, would you like to start the download again?" or something like this. Why not?
KDE Developer
MD5 is absolutely outdated and insecure for comparing binaries. In a few hours anybody can create an evil binary with the same MD5 sum.
It's still widely used, but some newer hashes should be supported. There are very fast libraries...
Registered Member
I don't think this is intended for security, just to make sure the download didn't have any errors. For that purpose MD5 is fine. If it was a security-related issue I don't think it would be asking to restart the download.
Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
-NASA in 1965
KDE Developer
But the same feature can be used for your security issues. So there should also be other hashes. Hashes are more important for security reasons because 1) there are higher risks and 2) TCP should normally provide such non-security-related verifications.
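
The check proposed in the first post, extended as the replies suggest to prefer a stronger hash when one is published, written as an added example that is not part of any post in this thread and is not KIO code. The `.sha256` and `.sha1` suffixes, the function names and the sample data are assumptions; a sidecar fetched from the same server as the file detects transfer damage only, since whoever can replace the file can replace the sidecar too.

```python
import hashlib, os, tempfile
from pathlib import Path
# Sidecar suffixes tried in order, strongest first (naming convention assumed here).
SIDECARS = [(".sha256", "sha256"), (".sha1", "sha1"), (".md5", "md5")]

def parse_sidecar(text, filename):
    """Accept md5sum-style 'digest  name' lines or a bare digest; return hex or None."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        name = parts[1].strip().lstrip("*") if len(parts) == 2 else filename
        if parts and os.path.basename(name) == filename:
            return parts[0].lower()
    return None

def file_digest(path, algo, chunk=1 << 20):
    """Hash the file in chunks so a large ISO is never loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path):
    """Return (status, algo); status is 'ok', 'mismatch' or 'no-checksum'."""
    for suffix, algo in SIDECARS:
        sidecar = Path(path + suffix)
        if not sidecar.is_file():
            continue
        text = sidecar.read_text(encoding="utf-8", errors="replace")
        expected = parse_sidecar(text, os.path.basename(path))
        if expected:
            return ("ok" if file_digest(path, algo) == expected else "mismatch"), algo
    return "no-checksum", None

def demo():
    """Constructed sample data: a fake download plus sidecars written next to it."""
    iso = Path(tempfile.mkdtemp()) / "sample.iso"
    data = b"constructed sample payload\n" * 1000
    iso.write_bytes(data)
    results = [verify_download(str(iso))]              # no sidecar published
    Path(f"{iso}.md5").write_text(hashlib.md5(data).hexdigest() + "  sample.iso\n")
    results.append(verify_download(str(iso)))          # md5sum-style line
    Path(f"{iso}.sha256").write_text(hashlib.sha256(data).hexdigest().upper() + "\n")
    results.append(verify_download(str(iso)))          # bare digest; stronger hash wins
    iso.write_bytes(data + b"\x00")                    # simulate a damaged transfer
    results.append(verify_download(str(iso)))
    return results

if __name__ == "__main__":
    print(demo())
```

A caller would map `mismatch` to the "start the download again?" prompt from the first post and treat `no-checksum` as unverified rather than as a pass.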