71

Which is the best overall hashing algorithm in terms of complexity and security? MD5 or SHA1?

From what I know, MD5 is faster than SHA1, but SHA1 is more complex than MD5.

Am I missing anything?

Starx
  • 1
    **New software should not use MD5 or SHA-1.** They're both known to be weak, and exploitable in some applications. SHA-2 (standardized in 2001) is the minimum acceptable choice. – Jeremy Feb 24 '17 at 18:20
  • @Jeremy: if security is not a concern (e.g. if a malicious collision is not a problem) there's nothing wrong in using MD5 in a new software – lornova Aug 30 '20 at 16:36

3 Answers

82

First of all, MD5 is broken - you can generate a collision, so MD5 should not be used for any security applications. SHA1 is not known to be broken and is believed to be secure. Other than that - yes, MD5 is faster but has 128-bit output, while SHA1 has 160-bit output.

Update: SHA1 has been broken: a team of researchers at Google and CWI have published a collision - https://shattered.io/static/shattered.pdf

Jeremy
sharptooth
  • 5
    @sharptooth Don't say that MD5 was broken, so we can't use it. The only success is now in generating collisions. If you have a generic piece of data, there are now no means to produce fake data with the same MD5. All known collisions were generated in pairs. – Andrey Jun 01 '10 at 08:26
  • 8
    SHA1 _IS_ broken. See http://www.schneier.com/blog/archives/2005/02/sha1_broken.html – ya23 Jun 01 '10 at 08:26
  • 3
    @ya23: Never heard of that, thank you. But read what exactly is said there - a collision generation requires 2**69 hash computations. That's unbelievably long. Should we really be worried? – sharptooth Jun 01 '10 at 08:30
  • 1
    @sharptooth Yes, because as Bruce Schneier says, attacks only ever get better, not worse. What's slightly broken today may well be very broken in the future - so switching while you can is a good idea. – Nick Johnson Jun 01 '10 at 09:02
  • @Andrey, MD5 **is** broken however one looks at it. Chosen prefix collision in hours on a PC. Preimage attack found. Fake SSL certificate. You name a cryptographic hashing quality, it fails. – KTC Jun 01 '10 at 11:07
  • @sharptooth, Wikipedia lists 2^63 for SHA-1 (and if it is flawed 2^52). Still, assuming a system that can do 1 billion hash computations per second, you would need 292 years (if my math is correct). If you need to feel more secure you can switch to SHA-2. – Unreason Jun 01 '10 at 12:21
  • 8
    @Unreason: Don't forget there are botnets (whose computational power is up for sale) with 10-million+ computers. Using one of those large botnets brings your calculation from 292 years to 2.5 seconds. And remember, attacks are only getting better, and computers are only getting faster... – BlueRaja - Danny Pflughoeft Jun 01 '10 at 20:12
  • The link is broken, and besides anyone can google some info by themselves, it could be good to update your answer. – Knomo Seikei Jun 30 '16 at 16:27
  • I don't get all the fuss about this. Who lets a user simply try their logins billions of successive times anyway??? After 5 tries, well, your account is blocked for a half hour. No matter how big your botnet. After 5 tries, you take a 30-minute vacation. Unless there is something I don't get... – Mathieu Turcotte Jan 26 '17 at 18:34
  • 3
    @MathieuTurcotte Online bruteforcing is not the only option. One could have stolen the salted hashes - then he can just try bruteforcing offline. – sharptooth Jan 27 '17 at 09:08
  • 2
    Then the problem isn't MD5, it's the fact that you didn't secure your server. If they can get the hash in the DB, they can basically pump the whole db anyway... – Mathieu Turcotte Jan 27 '17 at 11:22
  • 5
    @MathieuTurcotte No, it doesn't work this way. Users reuse their password on multiple resources. The attacker steals a password database from some system, then bruteforces the passwords, then reuses them for another system. Security is not black-or-white, it's a gazillion shades of gray. Every bit done properly raises the bar. – sharptooth Jan 27 '17 at 13:19
  • Well, again, I don't personally believe that this is a problem with MD5. If the user re-uses the same password everywhere, it's kinda his problem. I personally use a password that is similar everywhere, but the difference still ensures the passwords will hash to completely different strings. If they use the same password, no matter how you will encrypt it, if the password gets stolen from another system, they'll just get in no matter what... The same goes with MD5, SHA1 or ANY other encryption method... if the password is stolen from elsewhere... there isn't much you can do... – Mathieu Turcotte Jan 27 '17 at 15:30
  • @MathieuTurcotte Yep, but you can make it harder to steal it from your system. – sharptooth Jan 30 '17 at 09:33
  • 1
    SHA1 is officially dead. https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/ – Seto Feb 24 '17 at 02:53
  • @MathieuTurcotte Then what would be the point of hashing and encryption? If those problems are not related to MD5, so why even use it? Using MD5 now is equal to storing them in plaintext. – Ali Tou May 08 '20 at 11:19
  • The ability to generate a collision is a poor metric for declaring a hashing algorithm "broken". Any hashing algorithm that allows for more bits in the input than are contained in the output can and will produce collisions. It's _literally_ the only way they can work. – aroth Oct 16 '20 at 00:58
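
An added example, not part of the original posts: the comments above quote collision costs of 2**69 and 2^63 for SHA-1, and this Python sketch shows the generic birthday bound (about 2^(n/2) tries for an n-bit digest) that such figures are measured against. It finds real collisions on SHA-256 truncated to n bits; the truncated hash, the message format and all function names are assumptions made for illustration.

```python
import hashlib
import itertools


def truncated_digest(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits (stand-in for an n-bit hash)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_collision(bits: int):
    """Return two distinct inputs with equal truncated digests and the try count."""
    seen = {}  # digest value -> first message that produced it
    for counter in itertools.count():
        msg = b"msg-%d" % counter  # constructed sample inputs
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg


def generic_collision_exponent(algorithm: str) -> int:
    """log2 of the generic collision cost: half the digest length in bits."""
    return hashlib.new(algorithm).digest_size * 8 // 2


def years_at_rate(log2_work: int, hashes_per_second: float) -> float:
    """Wall-clock years needed for 2**log2_work hash computations."""
    return 2 ** log2_work / hashes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, tries = birthday_collision(bits)
        print(f"{bits}-bit digest: {a!r} and {b!r} collide after {tries} tries "
              f"(2^{bits // 2} = {2 ** (bits // 2)})")
    for alg in ("md5", "sha1", "sha256"):
        print(f"{alg}: generic collision cost 2^{generic_collision_exponent(alg)}")
    print(f"2^63 at 1e9 hashes/s: {years_at_rate(63, 1e9):.0f} years")
```

The generic bound is 2^64 for MD5's 128-bit output and 2^80 for SHA-1's 160-bit output, so the figures quoted in the comments describe attacks cheaper than what the digest length alone allows.
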
41

Here is the comparison between MD5 and SHA1. You can get a clear idea about which one is better.

[Image: comparison of MD5 and SHA1]

Biswajit Karmakar
14

MD5 is not suitable for use with any sort of sensitive information. Collisions exist with the algorithm, and there have been successful attacks against it.

At the time of this update (3/2017) SHA-2 is now preferred.

Whenever you embark on securely dealing with information, it is recommended that you check the latest guidelines.

Alan