Home / Guides / Checksum vs Cryptographic Hash — The Difference Between CRC32 and SHA

A checksum like CRC32 and a cryptographic hash like SHA-256 both condense data into a short value, but their purposes are entirely different. A checksum is for detecting accidental errors, while a cryptographic hash is for preventing malicious tampering.

CRC32 quickly catches accidental corruption where bits flip during transmission or storage. ZIP, PNG, and Ethernet use it. However, it is easy to deliberately manipulate data to produce a desired CRC value, so it cannot be used to stop an attacker.

A cryptographic hash is designed so that creating different data with the same hash is computationally infeasible. That makes it suitable for situations where the other party may try to deceive you, such as download integrity, signatures, and authentication. In exchange, it is heavier to compute than CRC32.

The choice is simple. If you only need to catch accidental errors, use CRC32; if tampering or security is involved, use SHA-256 or stronger. AG HASH shows both values together, so you can check whichever suits the situation.

Hash with this algorithm