tags:

views:

109

answers:

4
Q: 

enough using checksum

How would you do that?

You are sending files which contains many lines.Every line is a record from database.

All files are zipped toggether into one file. Is it enough to send a checksum with this file to ensure that other side received all records and none has disappear?

+2  A: 

A checksum would change if any contents of the file were malformed or missing, so by comparing the checksums, the recipient can be sure that the files were received fully and not damaged. After all, that is the entire purpose of the checksum.

If you are worried about attackers, I would not send the checksum with the files, as an attacker could intercept both the file and the checksum, change the file, modify the checksum to allow the modifications to appear valid, and send the file on its way.

Like other posters have said, however, the major packaging formats contain a built-in checksum for validation of the contents.

Thomas Owens  2009-08-11 13:41:25
+1  A: 

If it's zipped you're sending only one file. If the zip file is not received properly, you would not be able to open it. Internally zipped archives manage their own checksums to ensure the data integrity.

Indeera  2009-08-11 13:43:14
However, checksums have the added benefit of being used at any time. I could unzip, change the contents, and rezip using the same compression algorithm and the file would be fine. The checksum would let me know things have changed. It provides another layer of validation.
Thomas Owens  2009-08-11 13:45:13
Assuming the 'middleman' didn't intercept the checksum as well and updated it to reflect the changes.
Indeera  2009-08-11 13:47:52
I should update my post. Generally, you don't send the checksum WITH the file, but make it available for use.
Thomas Owens  2009-08-11 13:48:55
Generally if that's the requirement, then encryption should be used.
Indeera  2009-08-11 13:49:56
+2  A: 

There's usually a built-in checksum in most packing formats (gzip, zip, ...) so it is not necessary to add one if you only want to check if the file has not been physically damaged during the transfer.

Altherac  2009-08-11 13:45:02
Like I said to Indeera's answer, a checksum can be used to continually verify the contents, which provides an added benefit to the checksum produced by the packaging formats.
Thomas Owens  2009-08-11 13:47:00
True. I did not think about the security aspect. However, if you want to enforce file integrity through checksums, you need to have a reliable source for them. As far as I know, checksums are used to validate a file as genuine wherever it comes from, usually by checking the file against a checksum you obtained from a legit source.If you send the checksums along with the files, what would prevent an attacker from extracting files, modifying them, recalculating their checksum and zip everything back ? Unless you use an obscure checksum algorithm of course...
Altherac  2009-08-11 13:53:52
+1  A: 

It depends on what kind of "disappear" you are trying to protect against. If it's just random errors, then a checksum is fine. On the other hand, if it's a malicious attacker deliberately disappearing records, then a checksum is insufficient and you need a MAC.

caf  2009-08-11 13:46:44
A checksum would still protect against a malicious attacker removing records as any modification to the zip would change the checksum.
Thomas Owens  2009-08-11 13:47:44
Checksums are not designed to protect against malicious agents - it is trivial for the attacker to either modify one of the remaining records so that the checksum checks out - or simply replace it too (since it is transmitted through the same channel).
caf  2009-08-11 13:53:17

related questions

What is a javascript hash table implementation that avoids object namespace collisions?
Best way to prevent duplicate use of credit cards
Why is '397' used for ReSharper GetHashCode override?
How does c# figure out the hash code for an object?
What's the best hashing algorithm to use on a stl string when using hash_map?
Is there any way to use a "constant" as hash key in Perl?
Unique ID c++
Detect changes in random ordered input (hash function?)
How do I hash a string with Delphi?
Can I depend on the values of GetHashCode() to be consistent?
How to get hashes out of arrays in Perl?
Search by hash?
Given that I have a hash of id(key) and countries(values) sorted alphabetically, what is the best way to bubble up an entry to the top of the stack?
Saving Perl Windows Environment Keys UPCASES them
What is a good Hash Function?
How do I create a SHA1 hash in ruby?
How Do I Create a Hash Table in Java?
How would you implement a hashtable in language x?
why are downloads sometimes tagged md5, sha1 and other hash indicators?
How to find keys of a hash?
How do I generate a hashcode from a byte array in c#
How would a sdbm hash function be implemented in C#?
What is the best way to create a sparse array in C++
What's the safest way to iterate through the keys of a Perl hash?
Decode email address from Gravatar hash?