It has been shown that cyclic redundancy checks with
known generator polynomials should not be used to verify
the integrity when someone can alter the data between its
source and destination and can obtain the original CRC
values. Two solutions are to keep the polynomial used to
create the CRC secret 9 » or to incorporate some secret
value into the CRC that is unknown to the adversary as in
HMAC-SHA1 or HMAC-MD5 10 » . A hash function
such as MD5 or SHA1 may be a better choice to verify
integrity of data. One-way hashes are mathematical
functions that produce a relatively unique value for a
particular message.