Quiz Entry - updated: 2026.07.14
What is a checksum (Type 1 hash function), and why is it NOT cryptographically secure?
A checksum like CRC or ISBN check digits detects accidental errors (typos, bit flips) but cannot detect intentional manipulation — an attacker can easily compute a valid checksum for any forged message.
Examples:
- ISBN/EAN check digit: The 13th digit of an EAN is computed by alternately multiplying digits by 1 and 3, summing, and taking the complement mod 10
- CRC (Cyclic Redundancy Check): Used at the physical layer for detecting bit errors during transmission
What they detect:
- Single-digit errors (exactly one wrong digit)
- Most transposition errors of adjacent digits (e.g., swapping 1↔6, 2↔7, 3↔8, 4↔9)
Why NOT crypto-secure:
- No key involved — anyone can compute the checksum
- An attacker can change the data and recompute a valid checksum
- Designed for accidental errors only (typos, bit flips during transmission)
Key distinction: A checksum protects against Murphy (accidental errors). A MAC or MDC protects against Mallory (intentional attacks).
Go deeper:
Cyclic redundancy check (Wikipedia) — how a CRC catches burst transmission errors, and why it is trivially forgeable.
ISBN check digit (Wikipedia) — the weighted mod-10 digit that catches single-digit and adjacent-transposition typos.