File Checksums and Verification
A file is broken up into 1 or more pieces and MD5 checksums are calculated for each of those pieces of the file.
Then a SHA1 signature is calculated as the checksum of all the piece checksums put together plus the SHA1 checksum of the entire file.
(This is similar to the BitTorrent™ protocol.)
As each piece is uploaded, the server verifies that the MD5 checksum from the data is correct. In this way, every piece of every file is double checked before the upload is considered a success. {The storage system uses MD5 for the checksums, hence the mix of MD5 and SHA1.}
Additional Data Double-Check
When adding to your vault, in addition to the
file signature, a small part of the data from a random location in the file is sent.
If the file has already been uploaded, this data is verified against the contents
of the file stored in the vault.
The "random" location is really the first 8 bytes of the authorization signature below, so not selected at random by the client. You could only have a file copied to your vault if you really had a copy of the file on your computer to lookup the correct data.
Authorization Signatures
Your password is never sent from GetRight to the GetRight Vault servers.
A SHA1 checksum is calculated from your login, your password, a timestamp, and other information from the request.
The server does the same calculation and verifies that the two values match.
With a timestamp included, these signatures automatically will become invalid after some time passes.