dougday
asked on
MD5 vs. SHA-1 -- What's the difference?
I have a question:
MD5 is said to be "insecure". How insecure is it, and how does it compare to other hashing algorithms like SHA-1? What are the best hashing algorithms out there? I'll likely split points for good answers.
Thanks,
-Doug
MD5 is said to be "insecure". How insecure is it, and how does it compare to other hashing algorithms like SHA-1? What are the best hashing algorithms out there? I'll likely split points for good answers.
Thanks,
-Doug
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No correction - I guess I'm right then :)
Thanks,
-Doug
Thanks,
-Doug
SHA-1 has been cracked theoreticaly in a lab environment. SHA256 is another alternative.
Graeme
Graeme
ASKER
In my reading I also ran into SHA512, but they said that theoretically the hash, and the SHA256 and SHA128 weren't any stronger than the SHA-1. But I'm not certain on that.
-Doug
-Doug
As long as you add SALT to the equation shouldn't that erase any chance of duplicity?
ASKER
If I am creating a web app that needs a username and password, I should use at least SHA-1 on the password before sending it across the internet, since it's conceivable that if someone intercepted the packets on their way to the server, it would be mathematically improbable that someone could duplicate the hash. Whereas, with MD5, if they intercepted the packets, they could fake a password by generating a hash collision, yes?
Is there anything you guys know of that's more secure than SHA-1 at this point?
Thanks,
-Doug