Checksum

Checksum

Checksum is the outcome of running an algorithm, called a cryptographic hash function on a piece of data, single file OR folder.

Comparing the checksum that you generate from your version of the file against the one provided by the source of the file helps ensure that your copy of the file is genuine and error-free.

Checksum is often called hash-sum, hash-code OR hash.

?

Why we needed Checksum

Let’s consider a scenario, being an audit company ABC, has issued VAPT certificate to a website.

Later, developer(s) changed code and introduced some vulnerabilities into website. Client reached out to Audit company ABC asking authenticity of certificate because website has vulnerabilities. How audit company will be able to prove that Production has different code i.e. other code base, and they audited another code base and changes introduces vulnerabilities.

So, usually audit company do checksum of published code before issuing certificate and kept that hash value into their record and mentioned same values to certificate. If client report any vulnerabilities later, they again calculate checksum and compare with old values. If checksum is different, audit company explain its not same code base to which they audited.

Another use case of checksum while transferring files from one server to another. Along with file, we can pass checksum information and downloader can check checksum of file after downloading, if checksum is not same, downloader can reject file suspected virus infected OR wrong file.

Do the checksums not match? This can mean several things:

• Someone replaced the download with something malicious without you knowing.
• The file was changed on purpose by you. As you read above, this could be an imperceptible change, like adding or removing a single letter or other character.
• You're comparing a totally different, but harmless file, like a newer version if it's a software program, or an updated document.
• The network connection was interrupted, and the file didn't finish downloading, or there was an issue with storing the file once it reached your hard drive. Try downloading the file again and then create a new checksum on the new file, and then compare again.

?

Checksums are also useful for verifying that a file you downloaded from somewhere?other?than the original source is, in fact, a valid file and hasn't been altered, maliciously or otherwise, from the original. Just compare the hash you create with the one available from the file's source.

?