SHA-1 is not a checksum, it's a hash. A checksum (like a CRC32, CRC16,
etc.) is different from a hash.

Also, what Jonas and Harry mentioned applies. Even if it is a hash and
not a checksum, it could easily just be replaced unless it is signed.

--Bob



On Tue, Jul 7, 2009 at 2:01 PM, Dave Gomboc<[email protected]> wrote:
>>
>> Checksums really don't provide security against tampering, as they are
>> too easy to manufacture. They're more often used to detect casual
>> corruption errors like those that could be introduced during network
>> transmission.
>>
>> --Bob
>>
>
> I'm not sure what your definition of "easy to manufacture" is, but I'm not
> aware that the frequently-used SHA-1 would qualify as such.  Finding a
> collision has been proven to be possible faster than via brute force attack,
> but I would think that doing so with contrived data that must also serve as
> a working substitute for the original data would still be pretty difficult
> (as of July 2009, anyway).  Also, there are better checksums than SHA-1 that
> could be used in its stead.
>
> Dave
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlcoders
>
>
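
Added example (not part of the original thread): a bare SHA-1 digest catches accidental corruption but still verifies when the file and the digest beside it are both replaced, while a keyed tag does not. HMAC-SHA256 from the Python standard library stands in here for the signature mentioned above; it uses a shared key rather than a public/private pair, and the sample data, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the thread).
ORIGINAL = b"map=de_example\nversion=1\n"
REPLACED = b"map=de_example\nversion=1-modified\n"
# Hypothetical key, known only to the publisher and the verifier.
PUBLISHER_KEY = b"constructed-demo-key"


def sha1_hex(data: bytes) -> str:
    """Unkeyed digest: anyone can compute it for any data."""
    return hashlib.sha1(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """Keyed tag: computing a valid one requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_plain(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha1_hex(data), digest)


def check_keyed(data: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), tag)


def run_cases() -> dict:
    digest = sha1_hex(ORIGINAL)
    tag = keyed_tag(ORIGINAL, PUBLISHER_KEY)
    # One flipped bit, as transmission noise might cause.
    corrupted = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]
    return {
        "plain_intact": check_plain(ORIGINAL, digest),
        "plain_corrupted": check_plain(corrupted, digest),
        # File and published digest replaced together: the check still passes.
        "plain_both_replaced": check_plain(REPLACED, sha1_hex(REPLACED)),
        "keyed_intact": check_keyed(ORIGINAL, tag, PUBLISHER_KEY),
        # File replaced, old tag left in place.
        "keyed_old_tag": check_keyed(REPLACED, tag, PUBLISHER_KEY),
        # File replaced, tag recomputed without the publisher's key.
        "keyed_wrong_key": check_keyed(
            REPLACED, keyed_tag(REPLACED, b"not-the-key"), PUBLISHER_KEY),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:22} accepted={accepted}")
```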
