A checksum is an advanced form of redundancy check, a one-way "digital fingerprint", or more correctly, an asymmetric cryptographic computation. Essentially, a checksum is a unique signature, created by performing lots (and lots) of one-way manipulations on some data (aka, "the message"), eventually producing the fixed-length string we know as a "hash", aka. "message digest".
BLAKE2, SHA1 and MD5 hashing algorithms..
Crucially, the steps taken to compute this signature are well-known, and can be re-calculated, relatively quickly, anywhere, and at any time in the future, producing the exact same hash. Because the hashing algorithm is well-known, and 100% pre-determined; any change in the computed hash indicates that the message itself MUST have changed. Due to what's known as the "Avalanche effect", even a minute change in the data (even a single bit) results in a completely different hash.
Hashing functions suitable for cryptographic purposes must fulfil two important criteria..
- It must be computationally infeasible to derive the original data from the hash, and..
- It must be computationally infeasible to create another file with the same hash (aka, "a hash collision")
For file verification purposes (checksum's main use) the MD5 algorithm is perfect, mainly because of its excellent speed. However, if there is the potential for intentional file tampering, SHA1, or better yet, BLAKE2, is the preferred algorithm because, as yet, there is no known way to compute a useful hash collision in a practical time-frame.
For the ultimate in security, checksum also enables you to create "Multi-Hashes", that is, one
.hashfile containing multiple hashing algorithms. There is no known attack, theoretical or otherwise, against Multi-Hashing.
MD5MD5, (aka. 'Message-Digest Algorithm 5') the most commonly used cryptographic hash function, was invented in 1991, by Ronald Rivest at MIT (previous to this, he had developed MD4). An MD5 hash has 128-bit hash value, which is typically represented as a 32-character hexadecimal number, e.g..
In the mid-Nineties, MD5 was successfully "cracked". By no means does this make MD5 useless, rather, it is no longer recommended for situations where security is the prime concern, though in reality, the fact that collisions are theoretically possibly does not mean that anyone could actually make use of this to create a believable forged document!
For personal file verification, MD5 is still the best choice of algorithm.
SHA1The SHA1 (aka. "Secure Hashing Algorithm FIPS PUB 180-1") cryptographic function was created by the NSA, and first published by NIST in 1995. SHA1 computes a message digest that is 160 bits long, and represented as a 40-character hexadecimal number, e.g..
BLAKE2BLAKE2 is an extremely strong cryptographic function, an improved version of the SHA-3 finalist BLAKE, and was designed by a team of experts in cryptanalysis, implementation, and cryptographic engineering; namely Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn and Christian Winnerlein.
BLAKE2s (the one checksum currently uses) computes a message digest that is 256 bits long, and represented as a 64-character hexadecimal number, e.g..
For more details about BLAKE2, see here.