Every time you visit the Clipperz login page, your browser downloads about 1 MB of JavaScript code. This is the whole code of the Clipperz web application, the code that your browser will run while you enjoy Clipperz. This code takes care of everything you can do within Clipperz, from logging you in to signing you out.

Therefore it is critical to be sure that the downloaded code has not been tampered with. This page gives you some practical advice on checking the genuineness of your code.

Checksums and hash functions

A checksum (or digital fingerprint, or message digest) is a string of characters generated by special algorithms called “cryptographic hash functions”. These algorithms take a message (e.g. a text file) of any length as input and produces a fixed length string as output.

Good hash function are such that it’s very difficult to:

• find a message that matches a given checksum;
• generate “collisions”, wherein two different messages have the same message digest.

For these reasons it is a good idea to use checksums as handy identifiers of large objects such as text files, they could be seen as a condensed digital representation that is, to a high degree of probability, unique for a given input data sequence.

If a text file is modified the correspondent checksum will be completely different, even if only a single character has been changed.

To date the two most-commonly used hash functions are MD5 and SHA-1, producing respectively 128-bit and 160-bit outputs.

How to compute the checksum of the Clipperz application

You need to perform the following two steps:

1. save the page source to a file;
2. run the hash function.

1. Save Clipperz source code to a file

For any other purpose, you could access the source code of any web page, by simply using the built browser functionality. Select “View > Page source” from the browser menus and then you could just copy the entire code to a file.

But in this case you need to be sure that not even a single character is added or changed. Therefore you should avoid the above procedure and opt for a safer method.

• Windows, Linux, Unix

  Install Wget for your operating system and the run the following command from a terminal window:

  wget https://beta.clipperz.com/index.html

  Further information about installing and using wget in a Windows environment can be found here.

• OS X

  Run the following command from a terminal window:

  curl http://beta.clipperz.com/index.html -o index.html

2. Compute the hash function of the Clipperz code

Locate the index.html file generated by the previous step on your hard disk.

• Windows

  Install one of the following utilities. Then run it to compute the MD5 or SHA-1 digest of the index.html file.

  • Microsoft File Checksum Integrity Verifier utility (download)
  • Fastsum integrity control (download)
  • Karen’s Hasher (download)

• Unix, Linux, OS X

  Open a terminal window, move to the directory where the ‘index.html’ file is located and run one or both of the following commands:

  • md5 index.html
  • openssl sha1 index.html

Eventually, compare the values obtained with the ones available in the right column of the Clipperz web site. If they don’t match please report immediately.