What is a Cryptographic Hash Function?

A crytographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.

Two widely used hasing functions used today are MD5 and SHA-1

SHA-1

• SHA-1 was designed by the Nation Security Agency (NSA) in 1995.

• Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.

• SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.

• SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.

MD5

• MD5 was developed by Ron Rivest in 1991

• MD5 was published in 1992.

• Its used in many security applications, and is great for checking file integrity.

History

• There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.

• Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)

• SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.

Differences

• MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.

That being said, SHA-1 has 4 billion times more output space than MD5.

• MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.

• MD5 processes faster than SHA-1, because it has 64 steps in its algorithm comapaired to SHA-1's 80 steps.

• MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.

• SHA-1 and SHA-2 and required by law for some US Goverment applications.

• For Security purposes SHA-1 is preffered over MD5 due to perceived security flaws, although none have been proven.

Refrences

SHA-1 Wiki

MD5 Wiki