Hello Steffen,
security wise, the checksum should be integrated into the browser
itself. We are trying to work in this direction, but it is definitely
a problem out of our hands right now.
About providing a script, we are already doing it here:
-
http://www.clipperz.com/integrityCheck.php?md5=5b6805e58ffef2fdbf1e0f99d988cfac
But obviously this is just to test it out, as it is currently run on
the same server hosting the application. But even if it was running on
a different server, it would be quite easy for a compromised server to
return the legitimate answer to the integrityCheck script (recognized
by the IP of the request) and a compromised request to everybody else.
So, even if it is a little burden put on the user shoulders, having an
independently distributed set of integrityCheck scripts would provide
a lot of benefit to all Clipperz users, as it would make much easier
to spot a compromised server.
Regards,
Giulio Cesare