Is this the correct way to use a checksum?

Question

I'm working on an app that, among other things, downloads images from the web. Some of my testers are finding that images fails to download. In some cases, downloading fails in the middle. The image that ends up on displaying is something like this:

The intended image looks like this:

The app consumes the URLs from an API. I'd like to use, say, a SHA1 checksum to verify that the image is downloaded, like so:

1. The app requests image information, including the URL and the checksum.
2. The app attempts to download the image.
3. The app hashes and compares the downloaded image with the hash from the server.

Do I have this right? Will this kind of hashing help detect downloads that fail halfway?

Answer 1

The logic you present is correct. In general SHA1 would be used when security is a concern. You could use a simpler method to check that the data is valid. Size of the file actually downloaded, etc. However, the logic you present is a more thorough check on the validity of the data received from the server, and if the SHA1 sums check out, you have accurately guaranteed that the user has received the data that you sent.

I believe HTTP and FTP transfer protocols both guarantee this for you though. By guarantee, meaning that you will be notified in the event that a partial file has been downloaded, or returned success in the event the file was completely and accurately received. So unless security is an issue, the SHA1 check is overkill. If it is necessary, you would also need to encrypt this hash in a public/private key type of scheme.