Checksum of blob (GAE)

Question

Here's my problem: I want to know if the client have downloaded blob succesfully, so is there any way to get the checksum of the blob? Or may be there are some better solutions to compare blob and downloaded file if they are the same?

Answer 1

In almost all circumstances, the built-in checksums of TCP/IP will protect your data from network corruption during transit. Furthermore, audio files (and other media files like images) are fault-tolerant to a few flipped bits. (That's not to say corruption wouldn't be noticeable, but its effects would be minimal.)

If you have reason to worry about intentional corruption from a malicious party (you probably don't), it may be worth providing checksums. However, having the user check them will still require some manual input, even if you make it as simple as possible.

This post provides an example of calculating an MD5 hash of a file using JS. MD5 has many known weaknesses, so if you're trying to avoid malicious corruption, you might want to use something stronger (SHA1 at minimum). Here's another example using SHA1.

The biggest shortcoming of these solutions is that, due to browser security models, users will need to manually select the files so that your code can calculate the checksum.

You'll also need to verify that your JS (which the user is executing to calculate the checksum) hasn't been modified, and that the checksum you're comparing to on your site hasn't been modified before it could be compared with the local checksum. Using SSL can help for these concerns. For savvy users, you could just publish the checksums on your site, and let them verify with their own tools.

So, to summarize:

• You probably don't need to do perform checksum validation for MP3s.
• There are JS-based solutions you can use, but they aren't particularly user-friendly.
• Most users who care about checksums will probably know how to calculate them, themselves, so publishing checksums is a nice compromise.
• Lastly, use SSL on your site!