MD5 vs. SHA-1

Does anyone have some reading material about this subject - which algorithm is better (SHA-1?) and why, etc.?


I have read a little about the two. It would appear to me that SHA1 is more secure than MD5. Both are hashing algorithms based on older MD4 protocols. The main difference is that SHA1 returns a 160 byte hash whereas MD5 returns a 32 byte hash. The longer hash makes SHA1 less prone to brute-force attacks as they would take a lot longer to complete. Furthermore, SHA1 was reviewed and approved by the professor who wrote the original MD5 algorithm.

The practicality of moving the web from MD5 to SHA1 though is not as easy to look at. Since they are both hashing algorithms, there is no way to easily decrypt what they represent so if that is passwords, then you have a lot of work getting users to change them when you switch algorithms.

Other considerations include this:

MD5 is 5 times faster than SHA1 but only returns 1/5th the bytes. MD5 has a collision rate of 2^32. Even though it is faster, you will need 3-5 iterations of MD5 to get the same level of security in SHA1.

MD5 is relatively secure, and much faster. SHA-1 is a technology perhaps for the future. I have read that it is 4 times slower than MD5 and uses many more resources.

In the case of large databases which need extreme security, go with SHA-1, although MD5 is most practical for general application. :slight_smile:

Just had to say I luv the quote :D.

Anyway, getting back to the topic at hand:

Secure Hash Algorithm 1 (SHA1)
MD5 Message-Digest Algorithm

I looked into other algorithms, including RC4, Blowfish, (crc32) and a few others; however, from what I remember, an RC4 encryption took one person just under a week to crack.

As Wayne was implying, it all depends on your implementation: the higher the form of encryption, the longer it takes to process, so in effect the type of encryption you choose depends upon your requirements.

SHA1 is generally much more secure, and is what I use now.

But as Wayne pointed out, the problem is getting the switch to be as painless as possible. If I’m using an older database with MD5 hashes, I doubt giving everyone a randomly generated SHA1 password is worth it. But if I were to start a new project, I’d use SHA1.

Thanks for the answers. :slight_smile:

I guess I’m wondering why it is “much more” secure than MD5? For most web implementations the 8 byte difference can’t matter that much, right? MD5 is still hard to crack as it is.

You mean 128, right?

With cryptography, adding characters makes the complexity of cracking something rise exponentially. So yes, it’s quite a large difference, in theory anyway.

Are we talking about a single site here, or are we talking about getting every web application on the Internet to switch from MD5 to SHA1?

If the former, and assuming that the user’s password is received by the server in plaintext form (rather than being hashed client-side before transmission) then surely all you would need to do is to run the two in parallel, using two fields in the database (PasswordMD5 and PasswordSHA1)…

The authentication function would take the plaintext username and password, load up the record (using the username as the primary key), and see if there was a value in the PasswordMD5 field.

  • If there was, then the user is still on MD5, so the plaintext password would be MD5 hashed, compared to stored hash, and if successful, then the plaintext password would be hashed using SHA1, stored in the PasswordSHA1 field, and the PasswordMD5 field cleared.

  • If there wasn’t then the user is already on SHA1, so just SHA1 hash the password, and compare to the stored value.

This approach would be completely invisible to users, and would migrate them from one hashing algorithm to another very painlessly. Later on (once all the users have been migrated, perhaps after a mailshot to ask them to login), you could remove the MD5 parts completely. Job done!
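The transparent migrate-on-login flow described in the post above, written out as an added example (this is not code from the original thread). The in-memory user table, the record layout with PasswordMD5/PasswordSHA1 fields, and the sample passwords are constructed assumptions.

```python
import hashlib
import hmac


def make_users():
    """Constructed sample user table: 'alice' is still on MD5, 'bob' has
    already been migrated to SHA1. Values are hex digests, as a typical
    web app of the time would have stored them."""
    return {
        "alice": {"PasswordMD5": hashlib.md5(b"correct horse").hexdigest(),
                  "PasswordSHA1": None},
        "bob":   {"PasswordMD5": None,
                  "PasswordSHA1": hashlib.sha1(b"battery staple").hexdigest()},
    }


def authenticate(users, username, password):
    """Verify a plaintext password; returns True on success.
    As a side effect, a user still carrying an MD5 hash is re-hashed with
    SHA1 and the MD5 field is cleared, exactly as the post describes."""
    record = users.get(username)
    if record is None:
        return False
    pw = password.encode("utf-8")

    if record["PasswordMD5"] is not None:
        # Legacy branch: user is still on MD5, so check the MD5 hash first.
        candidate = hashlib.md5(pw).hexdigest()
        if not hmac.compare_digest(candidate, record["PasswordMD5"]):
            return False          # wrong password: do not migrate anything
        # Correct password: we hold the plaintext right now, so re-hash it
        # with SHA1, store that, and drop the MD5 value.
        record["PasswordSHA1"] = hashlib.sha1(pw).hexdigest()
        record["PasswordMD5"] = None
        return True

    # Migrated branch: plain SHA1 comparison (constant-time compare).
    candidate = hashlib.sha1(pw).hexdigest()
    return hmac.compare_digest(candidate, record["PasswordSHA1"])


def migration_pending(users):
    """Usernames still holding an MD5 hash, e.g. to drive the follow-up
    mailshot asking people to log in."""
    return sorted(u for u, r in users.items() if r["PasswordMD5"] is not None)
```

Only the two hash calls are specific to MD5 and SHA1; the same two-field branch structure carries a user base from any old scheme to any stronger one.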