Algorithm Complexity & Security: MD5 or SHA1?


Solution 1

First of all, MD5 is broken - you can generate a collision, so MD5 should not be used for any security applications. SHA1 is not known to be broken and is believed to be secure. Other than that - yes, MD5 is faster but has 128-bit output, while SHA1 has 160-bit output.

Update: SHA1 has been broken: a team of researchers at Google and CWI have published a collision - https://shattered.io/static/shattered.pdf

Solution 2

Here is the comparison between MD5 and SHA1. You can get a clear idea about which one is better.

[Image in the original answer: a comparison chart of MD5 and SHA1 (output size, speed, and attack effort rows)]

Solution 3

MD5 is not suitable for use with any sort of sensitive information. Collisions exist with the algorithm, and there have been successful attacks against it.

At the time of this update (3/2017) SHA-2 is now preferred.

Whenever you embark on securely dealing with information, it is recommended that you check the latest guidelines.

Author by Starx


Updated on July 05, 2022

Comments

  • Starx
    Starx almost 2 years

    Which is the best overall hashing algorithm in terms of complexity and security? md5 or sha1?

    From what I know md5 is faster than sha1 but SHA1 is more complex than md5.

    Am I missing anything?

  • Andrey
    Andrey about 14 years
    @sharptooth don't say that MD5 was broken, so we can't use it. The only success is now in generating collisions. If you have a generic piece of data, now there are no means to produce fake data with the same MD5. All known collisions were generated in pairs.
  • ya23
    ya23 about 14 years
  • sharptooth
    sharptooth about 14 years
    @ya23: Never heard of that, thank you. But read what exactly is said there - a collision generation requires 2**69 hash computations. That's unbelievably long. Should we really be worried?
  • Nick Johnson
    Nick Johnson about 14 years
    @sharptooth Yes, because as Bruce Schneier says, attacks only ever get better, not worse. What's slightly broken today may well be very broken in the future - so switching while you can is a good idea.
  • KTC
    KTC about 14 years
    @Andrey, MD5 is broken however one looks at it. Chosen prefix collision in hours on a PC. Preimage attack found. Fake SSL certificate. You name a cryptographic hashing quality, it fails.
  • Unreason
    Unreason about 14 years
    @sharptooth, Wikipedia lists 2^63 for SHA-1 (and if it is flawed 2^52). Still, assuming system that can do 1 billion hash computations per second, you would need 292 years (if my math is correct). If you need to feel more secure you can switch to SHA-2.
  • BlueRaja - Danny Pflughoeft
    BlueRaja - Danny Pflughoeft about 14 years
    @Unreason: Don't forget there are botnets (whose computational power is up for sale) with 10-million+ computers. Using one of those large botnets brings your calculation from 292 years to 2.5 seconds. And remember, attacks are only getting better, and computers are only getting faster...
  • Starx
    Starx about 8 years
    Good chart (+1) but which SHA algorithm does this belong too?
  • Biswajit Karmakar
    Biswajit Karmakar about 8 years
    SHA1 algorithm @Starx
  • Knomo Seikei
    Knomo Seikei about 8 years
    The link is broken, and besides anyone can google some info by themselves, it could be good to update your answer.
  • Mathieu Turcotte
    Mathieu Turcotte over 7 years
    I don't get all the fuss about this. Who lets a user simply try their logins billions of successive times anyway??? After 5 tries, well, your account is blocked for a half hour. No matter how big your botnet. After 5 tries, you take a 30-minute vacation. Unless there is something I don't get...
  • sharptooth
    sharptooth over 7 years
    @MathieuTurcotte Online bruteforcing is not the only option. One could have stolen the salted hashes - then he can just try bruteforcing offline.
  • Mathieu Turcotte
    Mathieu Turcotte over 7 years
    Then the problem isn't MD5, it's the fact that you didn't secure your server. If they can get the hash in the DB, they can basically pump the whole db anyway...
  • sharptooth
    sharptooth over 7 years
    @MathieuTurcotte No, it doesn't work this way. Users reuse their password on multiple resources. The attacker steals a password database from some system, then bruteforces the passwords, then reuses them for another system. Security is not black-or-white, it's gazillion shades of gray. Every bit done properly raises the bar.
  • Mathieu Turcotte
    Mathieu Turcotte over 7 years
    Well, again, I don't personally believe that this is a problem with MD5. If the user re-uses the same password everywhere, it's kinda his problem. I personally use a password that is similar everywhere, but the difference still ensures the passwords will hash to completely different strings. If they use the same password, no matter how you will encrypt it, if the password gets stolen from another system, they'll just get in no matter what... The same goes with MD5, SHA1 or ANY other encryption method... if the password is stolen from elsewhere... there isn't much you can do...
  • sharptooth
    sharptooth over 7 years
    @MathieuTurcotte Yep, but you can make it harder to steal it from your system.
  • techolic
    techolic over 7 years
    'Attacks required to find out original message', I think you meant attacks required to find another message that produces the same hash - preimage attack.
  • Seto
    Seto over 7 years
    SHA1 is officially dead. arstechnica.com/security/2017/02/…
  • Manish Kumar
    Manish Kumar over 7 years
    SHA1 has been broken: a team of researchers at Google and CWI have published a collision - shattered.io/static/shattered.pdf
  • GTodorov
    GTodorov over 6 years
    Hashcat+NVidia 1080 Ti = 10 minutes give or take, both broken... Not to mention hashcat dictionaries.
  • Ali Tou
    Ali Tou about 4 years
    @MathieuTurcotte Then what would be the point of hashing and encryption? If those problems are not related to MD5, why even use it? Using MD5 now is equal to storing them in plaintext.
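The exchange above (Mathieu Turcotte, sharptooth, Ali Tou) is really about offline guessing against a stolen password database, where the speed of MD5 and SHA1 works against the defender: a fast hash lets an attacker test enormous numbers of candidates per second, and salting alone does not slow each guess down. The script below is an added example, not code from the question or any of the answers. It measures how many guesses per second Python's `hashlib` achieves for unsalted MD5, salted SHA-1 and a deliberately slow PBKDF2-HMAC-SHA256, then extrapolates how long an exhaustive search of all 8-character printable-ASCII passwords would take at each rate. The password, salt, iteration count and keyspace are constructed values for the demonstration; the measured rates depend on the machine, but the ratio between the fast hashes and the iterated scheme is the point.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict

# Constructed sample values for the demonstration; not from the page.
PASSWORD = b"correct horse battery staple"
SALT = os.urandom(16)
PBKDF2_ITERATIONS = 100_000   # assumed work factor; tune so one verify costs ~100 ms


def unsalted_md5(pw: bytes) -> bytes:
    """Legacy scheme: one fast MD5 pass, no salt (precomputable, cheap to guess)."""
    return hashlib.md5(pw).digest()


def salted_sha1(pw: bytes, salt: bytes) -> bytes:
    """Salting blocks precomputed tables, but each guess is still one fast SHA-1."""
    return hashlib.sha1(salt + pw).digest()


def pbkdf2_sha256(pw: bytes, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Deliberately slow: every guess costs `iterations` HMAC-SHA256 computations."""
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)


def verify_pbkdf2(stored: bytes, salt: bytes, candidate: bytes,
                  iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute and compare in constant time so the comparison itself leaks nothing."""
    return hmac.compare_digest(stored, pbkdf2_sha256(candidate, salt, iterations))


def guesses_per_second(check: Callable[[bytes], bytes], samples: int) -> float:
    """Measure how many candidate passwords per second `check` can evaluate."""
    start = time.perf_counter()
    for i in range(samples):
        check(PASSWORD + str(i).encode())
    return samples / (time.perf_counter() - start)


def years_to_search(rate: float, keyspace: float) -> float:
    """Time to try every password in `keyspace` at `rate` guesses per second."""
    return keyspace / rate / (365 * 24 * 3600)


def compare_schemes(keyspace: float = 95.0 ** 8) -> Dict[str, Dict[str, float]]:
    """Per scheme: measured guess rate and the years an exhaustive search would take.
    The default keyspace is all 8-character printable-ASCII passwords (constructed figure)."""
    schemes = {
        "md5": (lambda pw: unsalted_md5(pw), 20_000),
        "salted_sha1": (lambda pw: salted_sha1(pw, SALT), 20_000),
        "pbkdf2_sha256": (lambda pw: pbkdf2_sha256(pw, SALT), 3),
    }
    results = {}
    for name, (fn, samples) in schemes.items():
        rate = guesses_per_second(fn, samples)
        results[name] = {"rate": rate, "years": years_to_search(rate, keyspace)}
    return results


if __name__ == "__main__":
    for name, r in compare_schemes().items():
        print(f"{name:14s} {r['rate']:>14,.0f} guesses/s  "
              f"{r['years']:>12,.0f} years for 95^8 passwords")
```

Pure-Python rates are far below what a GPU cracker reaches (the GTodorov comment below gives a feel for that), so read the absolute "years" figures as illustrative; what transfers to any hardware is that the iterated scheme costs the attacker the same factor of `PBKDF2_ITERATIONS` per guess that it costs the server per login.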
  • aroth
    aroth over 3 years
    The ability to generate a collision is a poor metric for declaring a hashing algorithm "broken". Any hashing algorithm that allows for more bits in the input than are contained in the output can and will produce collisions. It's literally the only way they can work.
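aroth's comment is right that collisions must exist for any hash whose input is longer than its output; what "broken" means is that they can be found much faster than the generic bound. For an ideal n-bit hash a birthday search finds a collision after about 2^(n/2) evaluations, while finding a second preimage for a fixed target takes about 2^n; that is the yardstick behind the 2^69 and 2^63 figures traded in the comments above (the generic bound for 160-bit SHA-1 is 2^80, for 128-bit MD5 it is 2^64). The script below is an added example, not code from the question or the answers: it runs both generic searches against a toy hash (SHA-256 truncated to a few bits, an assumption made so the searches finish instantly) so the square-root gap between the two attacks can be observed directly, and prints the corresponding bounds for the real digest sizes.

```python
import hashlib
import math
from typing import Dict, Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """Toy hash: SHA-256 truncated to its top `bits` bits. Outputs are scarce enough
    that the generic attacks below finish in a fraction of a second."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, seed: bytes = b"collide") -> Tuple[bytes, bytes, int]:
    """Generic birthday search: hash distinct inputs until two share an output.
    Needs only about sqrt(pi/2 * 2^bits) evaluations, whatever the hash function is."""
    seen: Dict[int, bytes] = {}
    count = 0
    while True:
        msg = seed + count.to_bytes(8, "big")
        count += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, count
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int,
                         seed: bytes = b"preimage") -> Tuple[bytes, int]:
    """Generic second-preimage search for one fixed target: about 2^bits evaluations."""
    want = truncated_hash(target, bits)
    count = 0
    while True:
        msg = seed + count.to_bytes(8, "big")
        count += 1
        if msg != target and truncated_hash(msg, bits) == want:
            return msg, count


def generic_bounds(bits: int) -> Dict[str, float]:
    """Expected work for the generic attacks against an ideal `bits`-bit hash."""
    return {"collision": 2.0 ** (bits / 2), "second_preimage": 2.0 ** bits}


if __name__ == "__main__":
    bits = 20
    a, b, n = find_collision(bits)
    print(f"{bits}-bit toy hash: collision after {n} evaluations "
          f"(birthday estimate {math.sqrt(math.pi / 2 * 2 ** bits):.0f})")
    target = b"original document"
    m, k = find_second_preimage(target, 16)
    print(f"16-bit toy hash: second preimage after {k} evaluations (estimate 65536)")
    for name, size in (("MD5", 128), ("SHA-1", 160)):
        gb = generic_bounds(size)
        print(f"{name}: generic collision 2^{math.log2(gb['collision']):.0f}, "
              f"generic second preimage 2^{math.log2(gb['second_preimage']):.0f}")
```

Against this yardstick, an MD5 collision that a PC produces in hours or seconds and a SHA-1 collision at roughly 2^63 are both far below their generic bounds, which is why the answers call the algorithms broken even though their preimage resistance was not reduced by the same attacks.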