Subj : Re: MD5/SHA256/etc vs CRC
To   : debian
From : Fissile Syntax
Date : Tue Dec 12 2023 23:24:54

 de> Just wanting to know - how does MD5/SHA256 or 512 compare to a CRC check
 de> when it comes to detecting if a file has changed or has been tampered?
 de> Would CRC be better suited for this task, or would a checksum work fine?

https://stackoverflow.com/questions/16122067/md5-vs-crc32-which-ones-better-fo
r-common-use

Some reading on this suggests that it is easier to create a different (malware) file with the same checksum as the legitimate one when using CRC.  This is apparently much harder than doing so using a hashing algorithm, but it is computationally faster to use CRC.

Several posts suggest that CRC (and BBS users would know this from file xfers) is best used to detect errors created by line noise or data corruption, rather than for file integrity from a security (rather than network engarblement+) standpoint.

+ = I thought I invented this word just now and was very pleased with myself until I googled and found 13 results.  Drat, I say.

I always use SHA256 or SHA512 for this sort of thing for my personal projects. MD5 is outdated, apparently, or so I have read.

In my case, though, computational speed is unimportant.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: Shipwrecks & Shibboleths [San Francisco, CA - USA] (700:100/72)

.