What the difference between CRC and checksum?

Question

What the difference between CRC and checksum?

Answer 1

Jeff Atwood (founder of Stack Overflow) wrote in his Checksums and Hashes blog post:

I learned to appreciate the value of the Cyclic Redundancy Check (CRC) algorithm in my 8-bit, 300 baud file transferring days. If the CRC of the local file matched the CRC stored in the file (or on the server), I had a valid download. I also learned a little bit about the pigeonhole principle when I downloaded a file with a matching CRC that was corrupt!

 

A checksum is an error-detection scheme that typically refers to a cryptographic hash function, though it also includes CRC. Here are three different types of checksum:

Cyclic Redundancy Checks like CRC32 are fast but collision-prone. They are not robust to collision attacks, meaning that somebody can take a given CRC and easily a second input that matches it.

Cryptographic hash functions like MD5 (weaker), SHA1 (weak), and SHA256 (strong) are specifically designed to be resistant to collision attacks. They are preferable to CRCs in every situation except speed; use the strongest algorithm you can computationally afford.

Key derivation functions like PBKDF2 and bcrypt are designed for passwords. They are checksums that are expensive to compute so that they're robust to brute-force attacks.

See also this Crypto.SE question on CRC vs SHA1. Wikipedia has a hash function security summary page that discusses collision-proneness of various cryptographic hashes.