Questions tagged [checksum]
27 questions
27
votes
4 answers
Checksum vs. Hash: Differences and Similarities?
What are similarities and differences between a "checksum" algorithm and a "hash" function?
Can they be used instead of each other? Or their usage are different?
For example, for verifying the integrity of a text, which one is better to be…
Questioner
- 1,277
- 2
- 10
- 14
17
votes
4 answers
Is signing a file better than issuing a checksum, and does it render a separate checksum useless?
Alternatively, the question could be asked: Does issuing a checksum for a file we sign anyways just duplicate work?
Use case: Firmware sent to an IoT device. We sign it, and form a separate checksum for it.
My understanding is that this is…
kmfsousa
- 181
- 1
- 6
17
votes
2 answers
Which hashing algorithm shoud I use for a safe file checksum?
For my work I'll need to provide my customer a specific file which will be the result of the work I have done for them.
To protect the integrity of the work I have done and to guarantee it has never been modified, I intend to add a checksum to my…
gouaille
- 173
- 1
- 1
- 4
9
votes
4 answers
What's the point of providing file checksums for verifying downloads?
Many projects offering binaries, also offer hashes (e.g. SHA256) of those binaries, wither as .ASC files, or directly on the web page near the binary. This isn't to protect against network-caused corruption, as that's ensured by the TCP…
Dan Dascalescu
- 1,945
- 2
- 15
- 23
4
votes
3 answers
Why verify a file / firmware downloaded online against a checksum?
When ever there is a file / firmware to download online and they provide a checksum to check the file against, i always confirm the check sum of the downloaded file matches the checksum posted online.
But it has often crossed my mind, if a…
sam
- 536
- 3
- 14
4
votes
2 answers
How does file hashing works?
When you run sha256sum filename OR md5sum filename, does it generate hash based on the file size or the whole contents of a file?
Is it different from password hash? Given a string, the program uses its algorithm to create a hash and similar way is…
John Doe
- 167
- 1
- 1
- 4
2
votes
1 answer
Why there is nothing that automatically checks signatures of files downloaded in browsers?
When downloading files (mainly software/installers) from pages in browsers, sometimes it comes also with a cryptographic hash or a signature to verify the authenticity of a file against data manipulation (example below).
Why there isn't something…
Gabriel Maia Gondim
- 21
- 3
2
votes
1 answer
Were software "CD key" schemes backdoored or simply misdesigned?
Back in the day, retail software was shipped on physical CDs that often had a printed "CD key" label affixed. The (usually alphanumeric) key on the label was unique to that particular copy of the product, and it needed to be entered during setup for…
smitelli
- 2,035
- 3
- 15
- 19
2
votes
5 answers
Prove log files weren't tampered with?
Say I have some Apache logs that show brute force attempts on a login page. I've singled out the IP, and found out who the culprit was. How can I show to a third party that I didn't makeup the entries in those logs?
Is there a way to systematically…
TACO
- 23
- 3
1
vote
1 answer
Good checksum algorithm for backup / cloud sync system
I am writing a cloud backup system, and want to use a checksum to know if a file has been modified, and accordingly sync it with the server.
This question shows that xxHash is super fast, and this shows that it is significantly worse in terms of…
t348575
- 113
- 2
1
vote
0 answers
When file hash not available, how to best check authenticity of a file?
Normally, The Document Foundation (TDF) publishes the SHA-256 and SHA-1 hashes, along with the MD5 checksum, for all LibreOffice releases. For example, see this.
However, for their current release (v7.1.4), TDF did not publish any hashes or even a…
RockPaperLz- Mask it or Casket
- 3,114
- 21
- 50
1
vote
1 answer
Do all files downloaded from the web, come with a checksum to verify the file?
Pretty straightforward question. Take the image here:
https://i.imgur.com/oEdf6Rl.png
Does it come with a checksum, which I can verify against after I have fully downloaded the file?
This question goes for any file downloaded, and in my particular…
1
vote
1 answer
What do algorithms `128000` and `256000` do in `sha3sum`?
I wanted to try new sha3sum so I installed libdigest-sha3-perl on Debian 10. After reading man page I quickly realized that:
sha3sum --algorithm 256 test.txt
produces similar output to sha256sum and that
sha3sum --algorithm 512 test.txt
produces…
Ben Hoven
- 11
- 1
1
vote
0 answers
How Should Multiple Checksums Be Performed On the Same Data?
I am using CRC32 to verify the integrity of received UDP packets. Along with the generator polynomial, the sender will also specify how many checksums to perform on the sent data, as well as what iteration to start at in its body. How should this be…
Justin Marinelli
- 11
- 1
1
vote
1 answer
If site provides MD5 to check file, can't the comparison string also not be modified?
I am new to this so please bear with me. I was downloading a VM image and I was told to check the MD5. Naturally, I did but wondered,
If a hacker would change the file to be downloaded from the site,
wouldn't the hacker also be able to change…
heretoinfinity
- 179
- 5