Checksum vs Cryptographic Hash

The terms "checksum" and "hash" are often used interchangeably in casual conversation, but they refer to fundamentally different categories of functions with different security properties, performance characteristics, and appropriate use cases.

What is a checksum?

A checksum is a value computed from data to detect accidental errors. Common checksum algorithms include CRC32 (Cyclic Redundancy Check, 32 bits), Adler-32 (used in zlib), and simple parity checks. These algorithms are designed for speed and error detection, not security. CRC32 can be computed orders of magnitude faster than SHA-256 and is often implemented directly in hardware (e.g., the CRC32 instruction on x86 processors).

What is a cryptographic hash?

A cryptographic hash function must satisfy three security properties: preimage resistance (given a hash h, it is infeasible to find any input m such that hash(m) = h), second preimage resistance (given an input m1, it is infeasible to find a different m2 with the same hash), and collision resistance (it is infeasible to find any two different inputs with the same hash). SHA-256, SHA-512, and SHA-3 satisfy all three. MD5 and SHA-1 have failed on collision resistance.

Key differences:

Checksums are designed to detect random errors (bit flips, truncation). An attacker can trivially create a different file with the same CRC32 checksum. Cryptographic hashes are designed to resist intentional manipulation: an attacker cannot feasibly create a different file with the same SHA-256 hash. Checksums are much faster and use fewer resources. A CRC32 computation on 1GB of data takes milliseconds; SHA-256 takes seconds.

When to use each:

Use checksums (CRC32) for: network protocol error detection (Ethernet, TCP, ZIP), real-time data streaming where speed is critical, error correction codes in storage systems, and any context where you only need to detect accidental corruption. Use cryptographic hashes (SHA-256) for: verifying software downloads, digital signatures, data authentication, password hashing (with proper algorithms), and any context where an adversary might deliberately modify data.

The confusing middle ground:

MD5 and SHA-1 are cryptographic hash functions that have been broken for collision resistance but retain preimage resistance. In practice, they are sometimes used as "fast checksums," which is acceptable for non-security purposes but creates confusion about their appropriate use. Using SHA-256 for everything (security and non-security) avoids this confusion, with CRC32 reserved for performance-critical non-security applications.