[Retr0id]

The whole point of fingerprinting is to produce something that's feasible to manually verify, as described in the article. If you're comparing in software there's no need to hash first (unless it's part of a certificate chain etc.)

[pdn1]

There is a need... If you compare untrusted files with trusted software.... At the very least, it should be an additional check because I'm pretty sure that this example could have fooled me... But diff would have had no issues