MSFT File Resource and checksum

DSC
1

I want to be able to verify the correct version of some files are on a server. The built-in File resource looks like what I should be using. I am usually a bit nervous of using file dates to do this (either createdDate or modifiedDate), so it looks like using something like Checksum=“SHA-1” is a better option.

Would are the pros/cons of using SHA-1 vs SHA-256 vs SHA-512?

There is also the “MatchSource” Boolean property, that based on my testing seems to need to be set to “True” to even have the Checksum test performed. Can someone conform that is correct? The TechNet documentation on this property is blank.

There is also a “Force” Boolean property. Can someone explain what this does as the TechNet documentation is also blank.

Lastly, if using the File resource with Type=“Directory”, does using a Checksum result in a way to be sure the same version of all files, and files of nested folders (Recurse=“True”), are the same so that if any file changes in the source, the destination file will be updated?

Thanks in advance…

2

Here are the descriptions of the Force and MatchSource properties from the schema files:

“Perform the file operation even if it will destroy content files, or directories.”
“Always compare the DestinationPath with the SourcePath. The default is false, meaning we will use cached information.”

For hash algorithms, I’d probably just go with SHA-512. The difference in performance between the three algorithms is not that huge, and SHA-1 is being phased out due to security concerns. See http://www.cryptopp.com/benchmarks-amd64.html for a comparison of performance.

As for the behavior of MatchSource / CheckSum with a Directory, I’m not sure, but that should be easy to test.