Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged. The algorithm performs numerous mathematical operations to create a hash value, or fixed string of digits. This hash value is then used as a checksum to confirm that the sent file was not changed by an attacker.
A hash value remains unchanged from the time it is created and is considered an "electronic fingerprint" of a file. A cryptographic checksum is assigned to a file and is used to verify that the data in that file has not been tampered with or manipulated, possibly by a malicious entity.
Cryptographic checksums provide the basis of modern cryptography, particularly for signing and encryption, digital signatures, email certificates and website certificates. They are also known as message authentication codes, integrity check values, modification detection codes or message integrity codes.
A cryptographic checksum is based on hash functions that provide hash values -- also known as hash codes -- for every file. The cryptographic hash function takes an input and produces a fixed-length sequence of numbers and letters. The checksum is of the same length, regardless of the original file's size.
When a user creates a file and makes copies of it, the file always has the same hash code. If as much as one bit of information in the file changes -- say, because it was manipulated by an eavesdropper or data thief -- a different hash code/checksum is generated.
The hash function checksum procedure ensures that the files sent during communication return the same hash code for the sender and the receiver. If the hash code changes, any damage or manipulation can be easily identified.
If the checksum of the original file is known, an authorized user can run a checksum/hashing utility on the file to match the resulting checksum to the original checksum. If these two checksums match, the file is identical. However, if they don't match, the user can identify a fake version of the original file.
Checksums are used to check files and other data for errors or manipulation that might have occurred during data transmission or storage.
Typical checksum algorithms are MD5, SHA-1, SHA-256 and SHA-512.
MD5, or Message Digest Algorithm 5, is a cryptographic algorithm. It produces a 128-bit checksum. Although MD5 is fast, it is not as secure as the Secure Hash Algorithm (SHA) functions.
The SHA family of algorithms is published by the National Institute of Standards and Technology. One algorithm, SHA-1, produces a 160-bit checksum and is the best-performing checksum, followed by the 256-bit and 512-bit versions.
Checksums play an important role in data protection and file security. Organization or user requirements dictate which checksum is used.
Cryptographic checksums help authenticate files and their integrity. These algorithms also make it possible to acknowledge receipt of a file's last processing status.
Checksums are used for applications such as the following:
A user can compare the checksum of a particular file against the original checksum using utilities in Windows, macOS and Linux. Third-party utilities are not required.
Here is how users can access the checksums for their files in Windows using PowerShell's Get-FileHash command:
If the hash value matches with the original file, then the files are identical. If not, the files are modified or corrupted.
Based on the hash function checksum procedure, the checksums derived for different files should have different lengths. However, there could be an infinite number of computer files, so it's impossible to assign a different value to each file with a checksum number of fixed length.
Also, an attacker could manipulate a file and then try to obtain a file version with the cryptographic checksum that's identical to the original file, possibly by inserting invisible control characters through trial and error. If the attacker succeeds in creating a second file with the same cryptographic checksum as the original file, the hash function is considered broken.
When a bad actor tries to find two inputs producing the same hash value, it is known as a collision attack.
Theoretically, a computer with infinite computational power can break cryptographic checksums by trying out many possibilities in a brute-force attack. Nonetheless, this approach is not feasible since it would require complex calculations that cannot be completed in a reasonable time frame.
See also cryptology, asymmetric cryptography, strong cryptography, quantum cryptography, cryptanalysis, cryptosystem, Rivest-Shamir-Adleman algorithm, stream cipher, private key, public key, session key, International Data Encryption Algorithm and Advanced Encryption Standard.
29 Dec 2021