Cryptographic Hashing Function (SHA-1 and MD5): Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
=What is a Cryptographic Hash Function?=
=What is a Cryptographic Hash Function?=
A crytographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.
A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.


Two widely used hasing functions used today are MD5 and SHA-1
Two widely used hashing functions used today are MD5 and SHA-1


==SHA-1==
==SHA-1==
Line 12: Line 12:


*SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.
*SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.
[[File:nsa.jpg|middle]]




Line 20: Line 23:


*Its used in many security applications, and is great for checking file integrity.
*Its used in many security applications, and is great for checking file integrity.
[[File:ron_rivest.jpg|middle]]
<- Ron Rivest




Line 37: Line 44:
*MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
*MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.


*MD5 processes faster than SHA-1, because it has 64 steps in its algorithm comapaired to SHA-1's 80 steps.
*MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.


*MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
*MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.


*SHA-1 and SHA-2 and required by law for some US Goverment applications.
*SHA-1 and SHA-2 and required by law for some US Government applications.


*For Security purposes SHA-1 is preffered over MD5 due to perceived security flaws, although none have been proven.
*For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.




*With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different imputs)
*With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)


*With SHA-1 collisions have been found, but are extremely difficult to accomplish (theoretical, none have actually been found yet)
*With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.


==Refrences==
==References==
[http://en.wikipedia.org/wiki/SHA1 SHA-1 Wiki]
[http://en.wikipedia.org/wiki/SHA1 SHA-1 Wiki]


[http://en.wikipedia.org/wiki/MD5 MD5 Wiki]
[http://en.wikipedia.org/wiki/MD5 MD5 Wiki]
[[File:Bob_dole.jpg|middle]]

Latest revision as of 02:20, 9 December 2010

What is a Cryptographic Hash Function?

A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.

Two widely used hashing functions used today are MD5 and SHA-1

SHA-1

  • SHA-1 was designed by the Nation Security Agency (NSA) in 1995.
  • Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.
  • SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.
  • SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.


Nsa.jpg


MD5

  • MD5 was developed by Ron Rivest in 1991
  • MD5 was published in 1992.
  • Its used in many security applications, and is great for checking file integrity.


Ron rivest.jpg <- Ron Rivest


History

  • There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.
  • Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)
  • SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.

Differences

  • MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.
That being said, SHA-1 has 4 billion times more output space than MD5.
  • MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
  • MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.
  • MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
  • SHA-1 and SHA-2 and required by law for some US Government applications.
  • For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.


  • With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)
  • With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.

References

SHA-1 Wiki

MD5 Wiki

Bob dole.jpg