Misplaced Pages

Simple file verification

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
File format for storing file checksums
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Simple file verification" – news · newspapers · books · scholar · JSTOR (September 2018) (Learn how and when to remove this message)
This article may require cleanup to meet Misplaced Pages's quality standards. The specific problem is: Needs refocussing on sfv extension rather than overlapping with File verification. Relevant discussion may be found on Talk:File verification. Please help improve this article if you can. (November 2022) (Learn how and when to remove this message)
Simple file verification
Filename extension .sfv
Internet media type text/x-sfv
Type of formatPlain text list of CRC32 checksums

Simple file verification (SFV) is a file format for storing CRC32 checksums of files to verify the integrity of files. SFV is used to verify that a file has not been corrupted, but it does not otherwise verify the file's authenticity. The .sfv file extension is usually used for SFV files.

Checksum

Files can become corrupted for a variety of reasons, including faulty storage media, errors in transmission, write errors during copying or moving, and software bugs. SFV verification ensures that a file has not been corrupted by comparing the file's CRC hash value to a previously calculated value. Due to the nature of hash functions, hash collisions may result in false positives, but the likelihood of collisions is usually negligible with random corruption. (The number of possible checksums is limited though large, so that with any checksum scheme many files will have the same checksum. However, the probability of a corrupted file having the same checksum as its original is exceedingly small, unless deliberately constructed to maintain the checksum.)

SFV cannot be used to verify the authenticity of files, as CRC32 is not a collision resistant hash function; even if the hash sum file is not tampered with, it is computationally trivial for an attacker to cause deliberate hash collisions, meaning that a malicious change in the file is not detected by a hash comparison. In cryptography, this attack is called a collision attack. For this reason, the md5sum and sha1sum utilities are often preferred in Unix operating systems, which use the MD5 and SHA-1 cryptographic hash functions respectively.

Even a single-bit error causes both SFV's CRC and md5sum's cryptographic hash to fail, requiring the entire file to be re-fetched. The Parchive and rsync utilities are often preferred for verifying that a file has not been accidentally corrupted in transmission, since they can correct common small errors with a much shorter download.

Despite the weaknesses of the SFV format, it is popular due to the relatively small amount of time taken by SFV utilities to calculate the CRC32 checksums when compared to the time taken to calculate cryptographic hashes such as MD5 or SHA-1.

SFV uses a plain text file containing one line for each file and its checksum in the format FILENAME<whitespaces>CHECKSUM. Any line starting with a semicolon ';' is considered to be a comment and is ignored for the purposes of file verification. The delimiter between the filename and checksum is always one or several spaces; tabs are never used. A sample SFV file is:

; This is a comment
file_one.zip   c45ad668
file_two.zip   7903b8e6
file_three.zip e99a65fb

Command-line utility

An example of an open-source cross-platform command-line utility that outputs crc32 checksums is 7-Zip.

Many Linux distributions include a simple command-line tool cksfv to verify the checksums.

See also

References

  1. ^ Wang, Wallace (2004). Steal this file sharing book: what they won't tell you about file sharing. ISBN 9781593270940.
  2. "h (Hash) command", 7-Zip, May 23, 2016

Further reading

External links

Windows only

  • RapidCRC- Freeware application
  • RekSFV - SFV, MD5, SHA1 utility (Multi-Language, Unicode, with batch mode for checking a huge amount of folders)
  • RapidCRC Unicode- RapidCRC with Unicode support (v0.3.4 as of 05/27/2012 supports UTF-8 with or without BOM and UTF-16 LE)
  • AmoK SFV Utility - CRC32 and MD5 Compatible
  • SFV Ninja - SFV, MD5, SHA-1/256/384/512 utility (Freeware for personal use)
  • SFV Checker
  • SFVManager
  • SlavaSoft FSUM - Fast File Integrity Checker
  • HashCheck Shell Extension - SFV, MD4, MD5, SHA-1 (Multi-Language)
  • Total Commander - supports creation and verification of SFV files
  • hkSFV - supports creation and verification of SFV files (crashes on massive SFV files check)
  • DySFV - Open Source (free) application for large files
  • ilSFV - free and open-source SFV, MD5 and SHA-1 file verification utility.
Categories: