
I read somewhere that md5 is not 100% secure. Hence, the question.

Nathan

  • From the Wikipedia page: "The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2^24.1)." This may or may not be applicable to your use-case, but I'd choose another hash function for anything security relevant. – vhallac Feb 05 '12 at 13:49
  • The probability of finding a duplicate hash by brute force is trivial to calculate; the amount of effort required doubles with each additional bit in the hash. A hash with *n* bits can take 2^n different values; hence, the probability is 1/2^n. If there are weaknesses which reduce the required effort, those need to be taken into account as well, of course. But given that SHA-2 has more bits *and* there is no known vulnerability in the algorithm, the conclusion should be easy. Yes, it's a better choice, but depending on your requirements, it might be insufficient (or, granted, overkill). – tripleee Feb 05 '12 at 14:26
  • The reason I asked the question is because I'm developing an information system for my project. The system of course will have a login feature. I'm trying to find out what method for hashing the passwords will suit my system. – Nathan Feb 05 '12 at 14:29
  • Use a salted hash with one of the more modern hashing algorithms. SHA-2 with salt should be more than sufficient. http://stackoverflow.com/questions/3191690/how-long-should-my-password-salt-be-and-is-sha-256-good-enough – Joe C. Feb 05 '12 at 14:36
  • If you can get SHA-2 without too much extra effort, that reduces the chances that you will be the weakest link in the chain. If it's an on-line tic-tac-toe game on a standalone system, the consequences of a break-in are less significant than for a defense system, but again, every break-in is one too many. – tripleee Feb 05 '12 at 14:36

1 Answer


You seem to be asking 2 separate but related questions.

The probability of a random collision is highly dependent on the size of the data that you're working with; the more strings you're hashing, the more likely a collision is to occur. See the first table at Wikipedia: Birthday Attack for exact probabilities. MD5 uses 128 bits, so to achieve a 50% collision probability, you'll need 2.2E19 strings.

However, while random collisions are suitably rare for small data sets, MD5 has been shown to be completely insecure against intentional collisions. According to the Wikipedia article on MD5, a collision attack exists that can be run in seconds on a 2.6 GHz Pentium 4 processor. For security, MD5 is completely broken, and has been considered so since 2005.

If you need to securely hash something, use one of the more modern hashing algorithms, such as SHA-2, SHA-3 (when its development is finished), or Whirlpool.

Joe C.
  • One more question: is there a SHA2() function in PHP? I tried to look for it on their site but all I found was SHA1(). – Nathan Feb 05 '12 at 14:46
  • See http://www.php.net/manual/en/function.crypt.php. Make sure to read the CRYPT_SHA512 explanation, since it tells you how to make the function actually use SHA512 for the hashing. – Joe C. Feb 07 '12 at 01:14
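The crypt() usage the last comment points to, written out as an added example (not code from the answer): a random salt in crypt's own alphabet, an explicit rounds count in the "$6$" setting string, a check that crypt() did not fail, and a constant-time verify. It assumes PHP 7.0 or later for random_int(), hash_equals() and scalar type declarations.

```php
<?php
// Added example, not part of the original answer. Assumes PHP >= 7.0.

// crypt()'s SHA-512 mode takes a salt of up to 16 chars from [./0-9A-Za-z].
function generate_crypt_salt(int $length = 16): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $salt;
}

// Hash with the "$6$" (SHA-512) scheme and an explicit rounds count.
// crypt()'s default of 5000 rounds is low for modern hardware; raise it
// until one hash costs tens of milliseconds on your login server.
function hash_password(string $password, int $rounds = 100000): string
{
    if (!defined('CRYPT_SHA512') || CRYPT_SHA512 !== 1) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    $setting = sprintf('$6$rounds=%d$%s$', $rounds, generate_crypt_salt());
    $hash = crypt($password, $setting);
    // crypt() signals failure with a short string such as "*0" or "*1"
    // instead of a "$6$..." hash, so check before storing anything.
    if (strlen($hash) < 13 || strpos($hash, '$6$') !== 0) {
        throw new RuntimeException('crypt() failed to produce a SHA-512 hash');
    }
    return $hash;  // "$6$rounds=100000$<salt>$<86-char digest>"
}

// Verify by re-hashing with the stored string as the setting: crypt()
// reads the rounds and salt back out of it. hash_equals() compares in
// constant time, so the comparison itself leaks no timing information.
function verify_password(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$stored = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong password', $stored));
```

On PHP 5.5 or later, password_hash() and password_verify() wrap this same pattern (salt generation, cost factor, constant-time check) and are the simpler choice.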