alt Hacker NewsComputing a CRC is equivalent to attacking it. The checksum is the value that produces a certain fixed constant when appended to the data. This is why you'll often see checksums as the last field in a message. It allows for hardware to verify the entire message by checking if the CRC of the bytes equals that fixed constant without having to parse it.
It's trivially easy to create a malicious file with the same CRC as another file.
So "verifying" using CRC is very stupid if you're trying to prevent malicious execution. You need to use cryptographic signatures.