Cryptographic Hashing Function (SHA-1 and MD5): Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(18 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=What is a Cryptographic Hash Function?= | |||
A | A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string. | ||
Two widely used | Two widely used hashing functions used today are MD5 and SHA-1 | ||
==SHA-1== | ==SHA-1== | ||
SHA-1 was designed by the Nation Security Agency (NSA) in 1995. | *SHA-1 was designed by the Nation Security Agency (NSA) in 1995. | ||
Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US. | *Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US. | ||
SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification. | *SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification. | ||
*SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols. | |||
[[File:nsa.jpg|middle]] | |||
==MD5== | ==MD5== | ||
MD5 was developed by Ron Rivest in 1991 | *MD5 was developed by Ron Rivest in 1991 | ||
*MD5 was published in 1992. | |||
*Its used in many security applications, and is great for checking file integrity. | |||
[[File:ron_rivest.jpg|middle]] | |||
<- Ron Rivest | |||
==History== | |||
MD5 | *There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6. | ||
*Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits) | |||
*SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012. | |||
==Differences== | ==Differences== | ||
*MD5 uses 128 bit digests, while SHA-1 has 160 bit digests. | |||
:That being said, SHA-1 has 4 billion times more output space than MD5. | |||
*MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks. | |||
*MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps. | |||
*MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords. | |||
*SHA-1 and SHA-2 and required by law for some US Government applications. | |||
*For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven. | |||
*With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs) | |||
*With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress. | |||
== | ==References== | ||
[http://en.wikipedia.org/wiki/SHA1 SHA-1 Wiki] | [http://en.wikipedia.org/wiki/SHA1 SHA-1 Wiki] | ||
[http://en.wikipedia.org/wiki/MD5 MD5 Wiki] | |||
[[File:Bob_dole.jpg|middle]] |
Latest revision as of 02:20, 9 December 2010
What is a Cryptographic Hash Function?
A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.
Two widely used hashing functions used today are MD5 and SHA-1
SHA-1
- SHA-1 was designed by the Nation Security Agency (NSA) in 1995.
- Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.
- SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.
- SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.
MD5
- MD5 was developed by Ron Rivest in 1991
- MD5 was published in 1992.
- Its used in many security applications, and is great for checking file integrity.
History
- There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.
- Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)
- SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.
Differences
- MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.
- That being said, SHA-1 has 4 billion times more output space than MD5.
- MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
- MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.
- MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
- SHA-1 and SHA-2 and required by law for some US Government applications.
- For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.
- With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)
- With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.