我需要使用 Web 服务传递文件(我可以控制 Web 服务)。为了满足安全要求,我需要确保传递的文件没有被修改或损坏。我打算像下面那样做。
- 将我的文件转换为
byte[] 计算哈希,
System.Security.Cryptography.MD5.Create().ComputeHash(stream);传递文件
当我将文件(字节数组)传递给 Web 服务时,传递我的哈希值是一个好习惯吗?
还是我需要按照其他流程来检查文件?处理这个问题的最佳方法是什么?
问问题
1342 次
1 回答
0
If it's a security requirement, sending the MD5 sum along with the file is probably not what you want to do: anyone who can intercept the file can also rewrite the checksum as well.
I use CRCs, instead: they are somewhat more sensitive to small changes in a file (or stream's) contents, and they are more compact and easier to compare. .NET doesn't appear to have a CRC implementation, but I found a nice one online that appears to work well, Calculating CRC-32 in C# and .NET.
Does your client have the capability of computing the checksum independently on its side as well?
于 2013-07-06T21:24:43.490 回答