MD5 or SHA1, which do you prefer?

In your opinion, which one is better for generating a hash, whether for passwords or hashing files, etc.?

Thanks.
 
For pw, sha1 for sure, md5 has been 'broken'. For other applications it depends, sha1 is slower than md5.
 
theparrot said:
For pw, sha1 for sure, md5 has been 'broken'. For other applications it depends, sha1 is slower than md5.

I wouldn't say it's been broken, I'd use md5 with a salt.
 
I don't know what you consider broken, but in general when you can find collisions for a hash it is considered broken, and the paper published by Wang, Feng, Lai and Yu in August shows how to do just this. Why would you not now say md5 has been broken?

As I said, what hash to use depends on the application, but if security is a real issue, md5 even with a salt should not be the choice of a new application.

BTW, a salt is to slow down a dictionary attack.... so md5 with a salt at this time also makes no sense for a new deployment.
 
theparrot said:
I don't know what you consider broken, but in general when you can find collisions for a hash it is considered broken, and the paper published by Wang, Feng, Lai and Yu in August shows how to do just this. Why would you not now say md5 has been broken?

As I said, what hash to use depends on the application, but if security is a real issue, md5 even with a salt should not be the choice of a new application.

BTW, a salt is to slow down a dictionary attack.... so md5 with a salt at this time also makes no sense for a new deployment.

75dc34b59d987a91e25290b29986149 :p
 
qxh said:
75dc34b59d987a91e25290b29986149 :p

you are missing a digit... or should I assume a leading 0?
 
And again, I ask you, to you what is the definition of a broken cryptographic grade hash?
 
theparrot said:
I don't know what you consider broken, but in general when you can find collisions for a hash it is considered broken, and the paper published by Wang, Feng, Lai and Yu in August shows how to do just this. Why would you not now say md5 has been broken?

As I said, what hash to use depends on the application, but if security is a real issue, md5 even with a salt should not be the choice of a new application.

BTW, a salt is to slow down a dictionary attack.... so md5 with a salt at this time also makes no sense for a new deployment.

He is 100% right. There are people that can read md5 as a whole new language, it's been done. I mean you're probably the non-social person in the world, but I'm sure it's been done. And yes it's broken. There's applications that run strings after strings to match a hash and it gives you the output. I'm sure this can be done in sha1 as well. I can actually say make your own encryption, split the password in 2, have 2 fields, decrypt them, use explode and such to do this and make them recompile the password. Sounds dumb, but it's actually pretty cool.
 
Thanks for the insights everybody-- those opinions and notes from real-world experiences are exactly what helps. I'm redesigning and recoding an older custom script for a client (which uses md5 throughout on various things) and wanted to get your views on SHA1 to help decide if it's worth the trouble reexamining the code with implications on optimization, sizes, etc., and changing it or retaining the md5 hashes.

Any more notes you'd like to share please don't hesitate to add. Thanks!
 
How about use both, SHA1 the MD5?
 
axilant said:
He is 100% right. There are people that can read md5 as a whole new language, it's been done. I mean you're probably the non-social person in the world, but I'm sure it's been done. And yes it's broken. There's applications that run strings after strings to match a hash and it gives you the output. I'm sure this can be done in sha1 as well. I can actually say make your own encryption, split the password in 2, have 2 fields, decrypt them, use explode and such to do this and make them recompile the password. Sounds dumb, but it's actually pretty cool.

You can't read md5, how can you read a hash of something? :red:
 
nicholas said:
Thanks for the insights everybody-- those opinions and notes from real-world experiences are exactly what helps. I'm redesigning and recoding an older custom script for a client (which uses md5 throughout on various things) and wanted to get your views on SHA1 to help decide if it's worth the trouble reexamining the code with implications on optimization, sizes, etc., and changing it or retaining the md5 hashes.

Any more notes you'd like to share please don't hesitate to add. Thanks!


Maybe it would help if you said what it is using it for? Does it really need a cryptographic grade hash or just one with good distribution properties, is it for long term storage or short one-offs with limited life spans, etc.
 
qxh said:
You can't read md5, how can you read a hash of something? :red:

sigh, you are now just starting to appear ignorant. you will not answer the questions you have been asked, and are now asking nonsense questions.
 
deadserious said:
How about use both, SHA1 the MD5?

Why? Can't think of any point to this, except for storing some hashes with that people can use the hash to verify a file download, in case they do not have software to generate one or the other.
 
theparrot said:
Maybe it would help if you said what it is using it for? Does it really need a cryptographic grade hash or just one with good distribution properties, is it for long term storage or short one-offs with limited life spans, etc.

Yer since you asked, the particular situation is like this. MD5 is used in a variety of functions as an end-all, be-all in the current installation of the scripts (existing custom-made by another programmer previously), such as validating documents to see if a duplicate already exists in the database (based on the document's hash compared to the one in the db) and if so, discarding it. It is also used for password authentication, as well as the file exchange checksum (instead of a crc function). Etc.

Anyway, the client has read from elsewhere about the risks involved with md5, particularly for the more sensitive parts of the system (like passwords, keys, etc.; the file hashes are fine as md5 is built for them) and was asking if it were feasible to quickly change parts of the system to SHA1 (read: altering MySQL tables to char(40) instead of the current 32 for instance, among others) or whether to just stick to the current implementation of those. And hence the want for opinions and subjective perspectives instead of the boilerplate info from the documents and 'official' sources. ;)
 
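The password part of the migration described in the post above, as an added example that is not code from the thread or from the client's script. It goes beyond the two options discussed: instead of moving char(32) MD5 values to char(40) SHA1, it verifies the legacy unsalted MD5 at login and rewrites the row as salted PBKDF2-HMAC-SHA256. All function names, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PREFIX = "pbkdf2_sha256"
ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware

def legacy_md5(password):
    """Unsalted MD5 hex digest: the char(32) value the old script stores."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def new_record(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash in a self-describing format (about 120 chars,
    so the column must grow well past char(40))."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([PREFIX, str(iterations), salt.hex(), dk.hex()])

def verify(password, stored):
    """Return (ok, upgrade). upgrade is a replacement record to write back
    when a legacy MD5 row verified, otherwise None."""
    if stored.startswith(PREFIX + "$"):
        _, iterations, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), dk_hex), None
    if len(stored) == 32 and hmac.compare_digest(legacy_md5(password), stored.lower()):
        return True, new_record(password)
    return False, None

def login(users, name, password):
    """Check a login against the users mapping and upgrade the row in place."""
    ok, upgrade = verify(password, users.get(name, ""))
    if ok and upgrade:
        users[name] = upgrade
    return ok

if __name__ == "__main__":
    # Constructed sample table: two users with the same password share one MD5.
    users = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}
    print(users["alice"] == users["bob"])      # identical before migration
    print(login(users, "alice", "hunter2"), login(users, "bob", "hunter2"))
    print(users["alice"] == users["bob"])      # distinct salts after migration
    print(login(users, "alice", "wrong"))
```

Rows upgrade only when their owner next logs in, so legacy MD5 values for inactive accounts remain in the table until those accounts are reset or retired.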
theparrot said:
Why? Can't think of any point to this, except for storing some hashes with that people can use the hash to verify a file download, in case they do not have software to generate one or the other.

that must be impossible surely

looking at a random hash and saying oh that's an encode of blah blah blah you must be either superhuman or a raging freak