For now, 2 official places can be found to download the Daedalus Wallets:
But no SHA256 (or MD5, etc.) for the wallets can be found in either the address above. Sometimes people want to check the authenticity of the file downloaded, so I think it’s better if they are provided.
This may also help those who download the wallets from other server, for they just have poor internet connection to these sites.
3 Likes
You’re right that a method verifying authenticity should be provided. It should be cryptographic signatures though instead of hashes, because hashes are just as easily forged as installers themselves and can give you a false sense of security. Last I checked the Mac and Windows releases were signed by someone, but there should be a well defined step-by-step method for users to verify that it’s signed by IOHK, like this.
Update: The newly released Daedalus installers are PGP signed and have clear, step-by-step instructions on how to verify. SHA256 checksums are provided as well, but those are not to be trusted blindly.
1 Like