How does CRC/Checksum work?

bonjourvn · 09-01-2009, 07:21 AM

Say you are developing a program that transmits files or messages. You want to verify the transmission with Checksum. How would you do it? How does CRC/Checksum even work? Is it accurate for verifying files?

qbert220 · 09-01-2009, 10:13 AM

A checksum is very simple. You just sum all the data. For example, for a byte checksum you add the first byte, the second bye, the third byte ... the last byte. The result is truncated to fit into a byte. Checksums are easy to calculate, but not very effective for detecting corruption.

A CRC relies on a polynomial with special properties. A bit complicated to explain in detail here, but basically it uses bit shift and conditional exclusive OR operations to produce the CRC value. This results in an effective error detection mechanism. CRCs are not secure though. It is possible to someone to tamper with a file in such a way that is results in the same CRC.

A secure hash such as MD5 would provide better protection against intentional tampering. But you would have to send the hash over a secure channel. One way of doing this would be to use a private key to encrypt the hash, then decode with the corresponding public key the other end.

Hanratty · 09-04-2009, 04:31 AM

CRC is just a hash. If the file encountered an error during transmission, it will almost certainly have the CRC value change. There are a LOT of programs that will compute various hashes of files for you, including some hex editors.

The CRC is not a security thing, just helps insure the file wasn't corrupted during download.

09-01-2009, 07:21 AM	THREAD STARTER #1 (permalink)
bonjourvn Account Closed Join Date: Jul 2009 Posts: 13	How does CRC/Checksum work? Say you are developing a program that transmits files or messages. You want to verify the transmission with Checksum. How would you do it? How does CRC/Checksum even work? Is it accurate for verifying files?

09-01-2009, 10:13 AM	#2 (permalink)
qbert220 NamePros Regular Join Date: Jul 2007 Location: UK Posts: 395	A checksum is very simple. You just sum all the data. For example, for a byte checksum you add the first byte, the second bye, the third byte ... the last byte. The result is truncated to fit into a byte. Checksums are easy to calculate, but not very effective for detecting corruption. A CRC relies on a polynomial with special properties. A bit complicated to explain in detail here, but basically it uses bit shift and conditional exclusive OR operations to produce the CRC value. This results in an effective error detection mechanism. CRCs are not secure though. It is possible to someone to tamper with a file in such a way that is results in the same CRC. A secure hash such as MD5 would provide better protection against intentional tampering. But you would have to send the hash over a secure channel. One way of doing this would be to use a private key to encrypt the hash, then decode with the corresponding public key the other end. __________________ DNS Test and Check - PHP Tutorials Credit Score Ratings FHA Loan Information

09-04-2009, 04:31 AM	#3 (permalink)
Hanratty New Member Join Date: Sep 2009 Posts: 4	CRC is just a hash. If the file encountered an error during transmission, it will almost certainly have the CRC value change. There are a LOT of programs that will compute various hashes of files for you, including some hex editors. The CRC is not a security thing, just helps insure the file wasn't corrupted during download. __________________ Listen to Emails Last edited by Hanratty; 09-20-2009 at 09:29 AM.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)