In this case, a checksum is too easy to get a collision with. You need to use a current secure hash function such as sha256.
This then must be encrypted with a key pair encryption algorithm, such as RSA. Preferably RSA2048 or RSA1024. The application will hash the file, then encrypt that hash (with the private key) and place the result in another location. The application that reads the file will decrypt using the public key and then hash the file and compare the 2 hashes. The private key, or the encrypting key, must be obfuscated a lot inside your code, because any intelligent developer (hacker) who understands a bit of assembly and the use of OllyDbg or IDA can fish out that key.

--------------------------------------------------
From: "Jacob Heidt" <[email protected]>
Sent: Thursday, July 09, 2009 12:14 AM
To: "'Discussion of Half-Life Programming'" <[email protected]>
Subject: Re: [hlcoders] Access reception to hlcoders forum

> From Wikipedia:
>
> Checksum functions are related to hash functions, fingerprints, randomisation functions, and cryptographic hash functions. However, each of those concepts has different applications and therefore different design goals. Check digits and parity bits are special cases of checksums, appropriate for small blocks of data (such as Social Security numbers, bank account numbers, computer words, single bytes, etc.). Some error-correcting codes are based on special checksums that not only detect common errors but also allow the original data to be recovered in certain cases.
>
> In my experience:
>
> Checksums are generally computationally easy and generally seem to be used when speed is important, and cryptographic security is not. Hashes, in my usage and experience, are used to provide some type of identity to larger sets of data (fingerprints on files is a common application), and tend to be used when security is more important than computation speed.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Saul Rennison
> Sent: Wednesday, July 08, 2009 3:48 AM
> To: Discussion of Half-Life Programming
> Subject: Re: [hlcoders] Access reception to hlcoders forum
>
> Would you please explain what the difference is? :)
>
> Sent from my iPhone
>
> On 8 Jul 2009, at 02:52, Bob Somers <[email protected]> wrote:
>
>> SHA-1 is not a checksum, it's a hash. A checksum (like a CRC32, CRC16, etc.) is different from a hash.
>>
>> Also, what Jonas and Harry mentioned applies. Even if it is a hash and not a checksum, it could easily just be replaced unless it is signed.
>>
>> --Bob
>>
>> On Tue, Jul 7, 2009 at 2:01 PM, Dave Gomboc<[email protected]> wrote:
>>>>
>>>> Checksums really don't provide security against tampering, as they are too easy to manufacture. They're more often used to detect casual corruption errors like those that could be introduced during network transmission.
>>>>
>>>> --Bob
>>>>
>>>
>>> I'm not sure what your definition of "easy to manufacture" is, but I'm not aware that the frequently-used SHA-1 would qualify as such. Finding a collision has been proven to be possible faster than via brute force attack, but I would think that doing so with contrived data that must also serve as a working substitute for the original data would still be pretty difficult (as of July 2009, anyway). Also, there's better checksums than SHA-1 that could be used in its stead.
>>>
>>> Dave
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlcoders
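
The hash-then-sign check described in the top message, together with the point made further down the thread that a bare hash can simply be replaced unless it is signed, as an added example that is not part of the original thread. It uses the `openssl` command-line tool; the file names, file contents and key file names are constructed, and it assumes signing is done elsewhere so the reading side holds only the public key.

```sh
#!/bin/sh
# Added example, not code from the thread. File names/contents are constructed.
# Assumption: signing is done elsewhere; the reader holds only the public key.

# Create an RSA-2048 key pair in directory $1.
make_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/signer_private.pem" 2>/dev/null &&
  openssl pkey -in "$1/signer_private.pem" -pubout -out "$1/verify_public.pem"
}

# Hash file $2 with SHA-256 and sign that digest with private key $1 -> $2.sig
sign_file() { openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"; }

# Return 0 only if $2.sig is a valid signature over SHA-256($2) for public key $1.
verify_file() {
  openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# Bare (unsigned) digest kept beside the file.
file_digest()  { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }
store_digest() { file_digest "$1" > "$1.sha256"; }
check_digest() { [ "$(file_digest "$1")" = "$(cat "$1.sha256")" ]; }

demo() {
  d=$(mktemp -d) || return 1
  f="$d/settings.cfg"
  printf 'max_health=100\n' > "$f"            # constructed sample file
  make_keys "$d" && sign_file "$d/signer_private.pem" "$f" || return 1
  store_digest "$f"
  verify_file "$d/verify_public.pem" "$f" && echo "original: signature accepted"
  # The file is edited and the bare digest refreshed; no private key is needed.
  printf 'max_health=9999\n' > "$f"
  store_digest "$f"
  check_digest "$f" && echo "edited: bare digest still matches"
  verify_file "$d/verify_public.pem" "$f" || echo "edited: signature rejected"
  rm -rf "$d"
}
demo
```

The refreshed bare digest matches the edited file, while the signature made before the edit no longer verifies.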

