Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uflorida!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.sys.apple
Subject: Re: viruses and checksums
Message-ID: <9830@smoke.BRL.MIL>
Date: 9 Mar 89 16:50:29 GMT
References: <8903081732.aa22924@SMOKE.BRL.MIL>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 18

In article <8903081732.aa22924@SMOKE.BRL.MIL> ALBRO@NIEHS.BITNET writes:
>I was under the impression that, in contrast to a checksum, which would give
>the same number regardless of the order of the bytes in a set, a CRC would
>come out differently if you had the same bytes in a different order.

A true checksum is indeed simply the sum of the word values and thus does
not detect transposition of the words.  However, often the term "checksum"
is applied more generically, to include CRCs and other "summaries" of the
contents of a file used for similar purposes.

>If that is the case, introducing new code into a file (even with a
>separate checksum of zero) would always be detected by a CRC.
>Is this right?

There is only a small chance of such a change not being detected by a good
CRC, unless the code change took cognizance of the CRC and arranged to
reproduce the same CRC value.  If you know where the CRC is and how it's
computed, it isn't actually very hard to outwit it.