Chapter 1. Overview

A simple FileHandler which allows to verify checksums on file contents in various formats. Such checksums are sometimes provided by download sites to support a way of ensuring that the downloaded file was not modified or corrupted.

A checksum is some kind of number that was derived from performing some computation on some content. There are various well known such computational methods for this purpose, such as the simple Cyclic Redundancy Check (CRC) or the cryptographically (more) secure Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1).

Validating such a checksum involves re-calculating the number with the same method and comparing the outcome to what was presented. If the two numbers match, chances are high that the files contents have not been modified or corrupted.

However, care must be taken in correctly interpreting this result: Not all of the methods provide the same security against manipulation. CRC is fast to compute but can be manipulated by the files contents themselves to result in a predetermined checksum. It is thus safe to trust for detection of accidential download corruption but should not be used for making sure some file has not been manipulated on purpose.

If the latter is required, a cryptographically secure algorithm has to be used, such as the MD5 or SHA-1 mentioned above. These are designed in such a way as to minimize the possiblities of changing content in such a way as to result in a given checksum. It is thus very hard to manipulate a files contents and not getting detected by validation of such a checksum. This additional security comes at the cost of a massively increased amount of computation that has to be done. As a result these algorithms are much slower to compute.

Depending on the area of use, one or the other algorithm should be chosen.

The purpose of this FileHandler is to provide a means of validating such checksums as well as initially calculating and saving them, so it is an editor by nature.