Solved

MD5 hashing vs SHA hashing

Posted on 2007-03-28
3
1,934 Views
Last Modified: 2013-12-04
Hi,

I wanted to know the difference between the MD5 hash algorithm and the SHA hash algorithm. I read somewhere that there are weaknesses in the MD5 algorithm. Can someone explain which hash algorithm is better and why and which one should I use? I just simply want to encrypt a password and store it on a database.

Thanks
0
Comment
Question by:maloriopolium
3 Comments
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18813118
A PAQd question asking the same question... Hope that helps.

http://www.experts-exchange.com/Security/Misc/Q_21393626.html
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 50 total points
ID: 18814313
If you have the choice: use SHA. It's the succesor of MD5 and considered more secure and is FIPS approved: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
SHA-1 will be fased out by the NIST by 2010, to be replaced by SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512).
The reason being that it has been found that the complexity to find a collision in SHA-1 has been lowered to 2^63.
That still is an astronomic number and would need a massive botnet to calculate within any reasonable time.
But the NIST has to look ahead. They are assuming that now that this has been found, better ways are one the way which will still lower the complexity.

J.
0
 
LVL 3

Expert Comment

by:hackman_3vilGuy
ID: 18825250
There are weaknesses in sha-1 as well as MD5 ( http://news.com.com/Crypto+researchers+abuzz+over+flaws/2100-1002_3-5313655.html?tag=st.pop ). If possible use a SHA algorithm 256+.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now