Revision as of 22:33, 5 July 2005 edit 206.186.72.210 (talk) added Easy SFV Creator ← Previous edit		Revision as of 07:29, 8 September 2005 edit undo Sander123 (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 5,403 edits explain security of hash functions better Next edit →
Line 1: '''SFV''' is an [[abbreviation]] for ''simple file verification'', a [[checksum]] format using the [[CRC32]] algorithm to verify the integrity of files. ==Flaws==▼ [[CRC32]], and thus also SFV, is not an ideal format for [[Computer security\|securely]] verifying data integrity, since the CRC32 format is vulnerable to intentional modification that cannot be detected. Other formats, such as [[SHA512]], are better suited for ensuring the authenticity of files. [[MD5]] has also been used for this purpose, but it's now prone to the same attacks (after the discovery of an MD5 hash collision in August 2004, claimed to be found in only 1 hour on a low-grade computing cluster). ==Check sum== Line 18 ⟶ 12: file2.zip 7903b8e6 file3.zip e99a65fb ▲==Flaws== The hash functino used by SFV, [[CRC32]], is not a cryptographicly secure hash function. It is easy to intentionally create a file with a given CRC32 checksum. The fact that a file's checksum corresponds with the checksum in the SFV file is therefore no guarentee, that the file has not been tampered with. However SFV is well suited to detect 'random' changes. Other hash functions, such as [[SHA512]], are better suited for ensuring the authenticity of files. But this is only helpfull, if there a secure second channel to get the checksums. == External links ==

Simple file verification: Difference between revisions