# checksums explained

BLAKE2, SHA1 and MD5 hashing algorithms..

A checksum is an advanced form of redundancy check, a one-way "digital fingerprint", or more correctly, an asymmetric cryptographic computation. Essentially, a checksum is a unique signature, created by performing lots (and lots) of one-way manipulations on some data (aka, "the message"), eventually producing the fixed-length string we know as a "hash", aka. "message digest". Crucially, the steps taken to compute this signature are well-known, and can be re-calculated, relatively quickly, anywhere, and at any time in the future, producing the exact same hash. Because the hashing algorithm is well-known, and 100% pre-determined; any change in the computed hash indicates that the message itself MUST have changed. Due to what's known as the "Avalanche effect", even a minute change in the data (even a single bit) results in a completely different hash.

Hashing functions suitable for cryptographic purposes must fulfil two important criteria..

- It must be computationally infeasible to derive the original data from the hash, and..
- It must be computationally infeasible to create another file with the same hash (aka, "a hash collision")

*any*cryptographic function is susceptible to brute-force attack; the

*feasibility*depends on how much computational time would be required to successfully "break" a given hash, and find collisions. For MD5, this time has decreased dramatically over the last few years. Even SHA1, which is still widely used for supposedly "highly secure" applications, is now, with enough computational power, susceptible to attacks within a reasonable timeframe. A Botnet could crack it quite quickly.

For file verification purposes (checksum's main use) the MD5 algorithm is perfect, mainly because of its excellent speed. However, if there is the potential for

*intentional*file tampering, SHA1, or better yet, BLAKE2, is the preferred algorithm because, as yet, there is no known way to compute a useful hash collision in a practical time-frame.

For the ultimate in security, checksum also enables you to create "Multi-Hashes", that is, one

`.hash`

file containing multiple hashing algorithms. There is no known attack, theoretical or otherwise, against Multi-Hashing.## MD5

MD5, (aka. 'Message-Digest Algorithm 5') the most commonly used cryptographic hash function, was invented in 1991, by Ronald Rivest at MIT (previous to this, he had developed MD4). An MD5 hash has 128-bit hash value, which is typically represented as a 32-character hexadecimal number, e.g..`d24c7f0e7bc6d4cb9dacb0ff5027cc98`

In the mid-Nineties, MD5 was successfully "cracked". By no means does this make MD5 useless, rather, it is no longer recommended for situations where security is the prime concern, though in reality, the fact that collisions are theoretically possibly does not mean that anyone could actually make use of this to create a believable forged document!

For personal file verification, MD5 is still the best choice of algorithm.

## SHA1

The SHA1 (aka. "Secure Hashing Algorithm FIPS PUB 180-1") cryptographic function was created by the NSA, and first published by NIST in 1995. SHA1 computes a message digest that is 160 bits long, and represented as a 40-character hexadecimal number, e.g..`77e0c5a57709fbaa65e21cb7aa22184a99536df5`

.## BLAKE2

BLAKE2 is an*extremely*strong cryptographic function, an improved version of the SHA-3 finalist BLAKE, and was designed by a team of experts in cryptanalysis, implementation, and cryptographic engineering; namely Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn and Christian Winnerlein.

BLAKE2s (the one checksum currently uses) computes a message digest that is 256 bits long, and represented as a 64-character hexadecimal number, e.g..

`4264cb256d94533b6e152da59256638bc6adfda3efc5550d7607d4e6e45592fc`

.For more details about BLAKE2, see here.