Is file checksum useful in an HTTPS site?

Question

we've been asked to provide file checksum on a download page.

Anyway the portal we are developing is in HTTPS with 3 factor authentication.

Does the checksum add any security or it is useless?

Answer 1

Checksums of files can be used to verify that the file has been downloaded correct. For example, if it is possible to download huge files from your portal, it would be a nice thing to supply the checksums of the files as well.

In this way a user can download the file, compute the checksum himself, and compare the checksum with the one provided by you. Example of a checksum algorithm could be Secure Hash Algorithm (in its various editions) or MD5

With respect to security, checksums can thus be used to see if a file has been modified. Although in your particular case, one can argue one much extra security is gained, since if a potential hacker gets access to modify your files, the hacker might as well also change the checksums accordingly.

Answer 2

It does not add security. It does however add the ability to check whether the file downloaded was corrupted during the download process.