Cryptographic Hashing Function (SHA-1 and MD5)

From ITCwiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

What is a Cryptographic Hash Function?

A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.

Two widely used hashing functions used today are MD5 and SHA-1

SHA-1

  • SHA-1 was designed by the Nation Security Agency (NSA) in 1995.
  • Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.
  • SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.
  • SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.


Nsa.jpg


MD5

  • MD5 was developed by Ron Rivest in 1991
  • MD5 was published in 1992.
  • Its used in many security applications, and is great for checking file integrity.


Ron rivest.jpg <- Ron Rivest


History

  • There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.
  • Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)
  • SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.

Differences

  • MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.
That being said, SHA-1 has 4 billion times more output space than MD5.
  • MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
  • MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.
  • MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
  • SHA-1 and SHA-2 and required by law for some US Government applications.
  • For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.


  • With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)
  • With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.

References

SHA-1 Wiki

MD5 Wiki

Bob dole.jpg

Retrieved from "https://wiki.ihitc.net/mediawiki/index.php?title=Cryptographic_Hashing_Function_(SHA-1_and_MD5)&oldid=3662"