>From Wikipedia: Checksum functions are related to hash functions, fingerprints, randomisation functions, and cryptographic hash functions. However, each of those concepts has different applications and therefore different design goals. Check digits and parity bits are special cases of checksums, appropriate for small blocks of data (such as Social Security numbers, bank account numbers, computer words, single bytes, etc.). Some error-correcting codes are based on special checksums that not only detect common errors but also allow the original data to be recovered in certain cases.
In my experience: Checksums are generally computationally easy and generally seem to be used when speed is important, and cryptographic security is not. Hashes, in my usage and experience, are used to provide some type of identity to larger sets of data (fingerprints on files is a common application), and tend to be used when security is more important than computation speed. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Saul Rennison Sent: Wednesday, July 08, 2009 3:48 AM To: Discussion of Half-Life Programming Subject: Re: [hlcoders] Access reception to hlcoders forum Would you please explain what the difference is? :) Sent from my iPhone On 8 Jul 2009, at 02:52, Bob Somers <[email protected]> wrote: > SHA-1 is not a checksum, it's a hash. A checksum (like a CRC32, CRC16, > etc.) is different from a hash. > > Also, what Jonas and Harry mentioned applies. Even if it is a hash and > not a checksum, it could easily just be replace unless it is signed. > > --Bob > > > > On Tue, Jul 7, 2009 at 2:01 PM, Dave Gomboc<[email protected]> > wrote: >>> >>> Checksums really don't provide security against tampering, as they >>> are >>> too easy to manufacture. They're more often used to detect casual >>> corruption errors like those that could be introduced during network >>> transmission. >>> >>> --Bob >>> >> >> I'm not sure what your definition of "easy to manufacture" is, but >> I'm not >> aware that the frequently-used SHA-1 would qualify as such. >> Finding a >> collision has been proven to be possible faster than via brute >> force attack, >> but I would think that doing so with contrived data that must also >> serve as >> a working substitute for the original data would still be pretty >> difficult >> (as of July 2009, anyway). Also, there's better checksums than >> SHA-1 that >> could be used in its stead. >> >> Dave >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlcoders >> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlcoders > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
