Solved

MD5 vs. SHA-1 -- What's the difference?

Posted on 2005-04-18
Last Modified: 2012-06-21
I have a question:

MD5 is said to be "insecure".  How insecure is it, and how does it compare to other hashing algorithms like SHA-1?  What are the best hashing algorithms out there?  I'll likely split points for good answers.

Thanks,
-Doug
Question by:dougday
7 Comments
 
LVL 11

Accepted Solution

by:
elbereth21 earned 1400 total points
ID: 13813325
An algorithm is said to be secure if it is impossible to create two equal hashes, starting from different strings.
The problem with MD5 is that some researchers actually managed to break this condition and showed it will be possible to recreate a hash with a standard computer in a few hours; anyway, SHA-1 is starting to tremble too:
http://news.com.com/Crypto+researchers+abuzz+over+flaws/2100-1002_3-5313655.html?tag=st.pop
0
 
LVL 4

Assisted Solution

by:graemeboro
graemeboro earned 600 total points
ID: 13813656
0
 
LVL 5

Author Comment

by:dougday
ID: 13816190
Okay, so correct me if I'm wrong:

If I am creating a web app that needs a username and password, I should use at least SHA-1 on the password before sending it across the internet, since it's conceivable that if someone intercepted the packets on their way to the server, it would be mathematically improbable that someone could duplicate the hash.  Whereas, with MD5, if they intercepted the packets, they could fake a password by generating a hash collision, yes?

Is there anything you guys know of that's more secure than SHA-1 at this point?

Thanks,
-Doug
0
 
LVL 5

Author Comment

by:dougday
ID: 13817406
No correction - I guess I'm right then :)

Thanks,
-Doug
0
 
LVL 4

Expert Comment

by:graemeboro
ID: 13822537
SHA-1 has been cracked theoretically in a lab environment.  SHA256 is another alternative.

Graeme
0
 
LVL 5

Author Comment

by:dougday
ID: 13823764
In my reading I also ran into SHA512, but they said that theoretically the hash, and the SHA256 and SHA128 weren't any stronger than the SHA-1.  But I'm not certain on that.
-Doug
0
 

Expert Comment

by:acidgold
ID: 25441137
As long as you add SALT to the equation shouldn't that erase any chance of duplicity?
0
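Added example, not part of the original thread or any poster's code: the salt raised in the last comment, applied to password storage, next to the bare MD5/SHA-1 digests discussed above. A per-user random salt makes identical passwords produce different stored values, and a slow key-derivation function raises the cost of each guess; the choice of PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_digest(algorithm: str, password: str) -> str:
    """Bare, fast hash of the kind discussed in the thread (md5, sha1, sha256)."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key) using a random 16-byte salt and a slow KDF."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt per user, stored beside the hash
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


def distinct_stored_values(passwords) -> Tuple[int, int]:
    """Count distinct stored records: (unsalted SHA-1, salted PBKDF2)."""
    unsalted = {unsalted_digest("sha1", p) for p in passwords}
    salted = {hash_password(p) for p in passwords}
    return len(unsalted), len(salted)


if __name__ == "__main__":
    # Constructed sample: two users happen to share a password.
    users = ["password", "password", "letmein"]
    print("distinct records (unsalted, salted):", distinct_stored_values(users))
    salt, stored = hash_password("password")
    print("correct password verifies:", verify_password("password", salt, stored))
    print("wrong password verifies:", verify_password("Password", salt, stored))
```

The unsalted digests of the two identical passwords match, so one precomputed lookup reveals both; the salted records differ. Salting addresses that problem only and does not change the collision resistance of the underlying hash function.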

Question has a verified solution.
