Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
File verification
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== File formats == A '''checksum file''' is a small file that contains the checksums of other files. There are a few well-known checksum file formats.<ref> [https://ant.apache.org/manual/Tasks/checksum.html "Checksum"]. </ref> Several utilities, such as [[md5deep]], can use such checksum files to automatically verify an entire directory of files in one operation. The particular hash algorithm used is often indicated by the file extension of the checksum file. The ".sha1" file extension indicates a checksum file containing 160-bit [[SHA-1]] hashes in [[sha1sum]] format. The ".md5" file extension, or a file named "MD5SUMS", indicates a checksum file containing 128-bit [[MD5]] hashes in [[md5sum]] format. The ".sfv" file extension indicates a checksum file containing 32-bit CRC32 checksums in [[simple file verification]] format. The "crc.list" file indicates a checksum file containing 32-bit CRC checksums in brik format. As of 2012, best practice recommendations is to use [[SHA-2]] or [[SHA-3]] to generate new file integrity digests; and to accept MD5 and SHA-1 digests for backward compatibility if stronger digests are not available. The theoretically weaker SHA-1, the weaker MD5, or much weaker CRC were previously commonly used for file integrity checks.<ref>NIST. [http://csrc.nist.gov/groups/ST/hash/policy.html "NIST's policy on hash functions"] {{Webarchive|url=https://web.archive.org/web/20110609064344/http://csrc.nist.gov/groups/ST/hash/policy.html |date=2011-06-09 }}. 2012.</ref><ref> File Transfer Consulting. [http://www.filetransferglossary.com/category/integrity/ "Integrity"]. </ref><ref>[http://www.sans.org/security-resources/idfaq/integrity_checker.php "Intrusion Detection FAQ: What is the role of a file integrity checker like Tripwire in intrusion detection?"] {{Webarchive|url=https://web.archive.org/web/20141012055343/http://www.sans.org/security-resources/idfaq/integrity_checker.php |date=2014-10-12 }}.</ref><ref> Hacker Factor. [http://fotoforensics.com/tutorial-digest.php "Tutorial: File Digest"]. </ref><ref> Steve Mead. [http://www.nsrl.nist.gov/Documents/analysis/draft-060530.pdf "Unique File Identification in the National Software Reference Library"] p. 4. </ref><ref> Del Armstrong. [http://www.giac.org/paper/gcux/188/introduction-file-integrity-checking-unix-systems/104739 "An Introduction To File Integrity Checking On Unix Systems"]. 2003. </ref><ref> [http://www.cisco.com/web/about/security/intelligence/iosimage.html "Cisco IOS Image Verification"] </ref><ref> Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman. [https://books.google.com/books?id=Q0ErhHGxNWcC "Building Internet Firewalls"]. p. 296. </ref><ref> Simson Garfinkel, Gene Spafford, Alan Schwartz. [https://books.google.com/books?id=50maN7VmpusC "Practical UNIX and Internet Security"]. p. 630. </ref> CRC checksums cannot be used to verify the authenticity of files, as CRC32 is not a [[collision resistance|collision resistant]] hash function -- even if the hash sum file is not tampered with, it is computationally trivial for an attacker to replace a file with the same CRC digest as the original file, meaning that a malicious change in the file is not detected by a CRC comparison.{{Citation needed|date=March 2021}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)