Cryptographic Hashing Function (SHA-1 and MD5)

From ITCwiki

What is a Cryptographic Hash Function?

A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.

Two widely used hashing functions used today are MD5 and SHA-1

SHA-1

  • SHA-1 was designed by the Nation Security Agency (NSA) in 1995.
  • Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.
  • SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.
  • SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.


Nsa.jpg


MD5

  • MD5 was developed by Ron Rivest in 1991
  • MD5 was published in 1992.
  • Its used in many security applications, and is great for checking file integrity.


Ron rivest.jpg <- Ron Rivest


History

  • There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.
  • Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)
  • SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.

Differences

  • MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.
That being said, SHA-1 has 4 billion times more output space than MD5.
  • MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
  • MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.
  • MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
  • SHA-1 and SHA-2 and required by law for some US Government applications.
  • For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.


  • With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)
  • With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.

References

SHA-1 Wiki

MD5 Wiki

Bob dole.jpg