Cryptographic Hashing Function (SHA-1 and MD5)
What is a Cryptographic Hash Function?
A cryptographic hashing function is a deterministic procedure that takes a block of code and returns a fixed bit string.
Two widely used hashing functions used today are MD5 and SHA-1
- SHA-1 was designed by the Nation Security Agency (NSA) in 1995.
- Published by The National Institute of Standards and Technology as a Federal Information Processing Standard for the US.
- SHA-1 is an upgraded version of SHA-0, correcting an error is the hash specification.
- SHA-1 is the most used version of SHA today. It is currently used in many applications and security protocols.
- MD5 was developed by Ron Rivest in 1991
- MD5 was published in 1992.
- Its used in many security applications, and is great for checking file integrity.
- There are many versions of Message Digest (MD) Algorithm, including MD2, MD4, MD5, and as of 2008 MD6.
- Secure Hashing Algorithm (SHA) started with SHA-0, and two years later moved onto SHA-1. The National Institute of Standards and Technology published SHA-2; which are broken into 4 different digest lengths - SHA-224 (224 bits), SHA-256 (256 bits), SHA-384 (384 bits) and SHA-512 (512 bits)
- SHA-3 is currently being developed in a competition, currently in round 2 and will be moving on to round 3 soon. The winner will be announced in 2012.
- MD5 uses 128 bit digests, while SHA-1 has 160 bit digests.
- That being said, SHA-1 has 4 billion times more output space than MD5.
- MD5 is less secure than SHA-1. SHA-1 is more resistant to brute force attacks.
- MD5 processes faster than SHA-1, because it has 64 steps in its algorithm compared to SHA-1's 80 steps.
- MD5 is heavily used in software to check file integrity (Md5sum) and is commonly used to store passwords.
- SHA-1 and SHA-2 and required by law for some US Government applications.
- For Security purposes SHA-1 is preferred over MD5 due to perceived security flaws, although none have been proven.
- With MD5 it is very easy to produce collisions. (a collision is production of the same hash value from two different inputs)
- With SHA-1 collisions are extremely difficult to accomplish (theoretically can happen, none have actually been found yet). Knowing that it would take massive amounts of time to find a collision with the full 80 steps of hashing, beginning in 2007 The Graz University of Technology created a computing platform named BOINC. Its purpose was to create a SHA-1 collision. Two years later it was abandoned due to lack of progress.