SHA256 Secure Hash vs. MD5

  • SHA256 Secure Hash vs. MD5

    Greg Turgeon recently posted code for the SHA256 Secure Hash. I was wondering what the pros and cons were of using this hash algo versus MD5 for storing passwords.
    Bernard Ertl
    InterPlan Systems

  • #2
    Bern,

    MD5 has a 128-bit hash value vs. 256 bits for SHA-256.
    That means that for SHA-256, the possibility for collisions (2 different messages having the same hash value) is lots and lots smaller than for MD5:
    Not 2 times as some people think, but 340282366920938463463374607431768211456 times smaller (= 2^256 / 2^128 = 2^128).
    In fact, tests have been performed where data collisions were achieved with MD5.

    MD5 dates from 1991 whereas SHA-256 was published in 2001. So the algorithm of SHA-256 is more sophisticated and up to date.

    Does this mean MD5 is bad and outdated? Not really. It all depends on what kind of security you are looking for and what calculation overhead you can live with.

    For MD5 you need to store only 16 bytes, 32 bytes for SHA-256. Though you can also use fewer bytes of the SHA-256 hash value.
    On PCs this is hardly a concern.

    Personally I see no reason to NOT use SHA-256. I have used it on several occasions for message authentication, file integrity checks and file signatures.

    Kind regards
    Last edited by Eddy Van Esch; 12 Feb 2009, 10:15 AM.
    Eddy


    • #3
      MD5 collisions have been contrived 'in the laboratory' - none have been found 'in the wild' yet. Having said that, in a few years' time even SHA1, which is a 160 bit hash, is being phased out by NIST - the starting point then being 256 bit.

      In a password context MD5 is fine. Eddy mentions "message authentication, file integrity checks and file signatures". In this context I wouldn't use less than 256 bit regardless of the overhead.


      • #4
        If Greg has no objections then I should like, when I have time, to replace his 2001 code in HashFile with the new 2009 code.


        • #5
          Originally posted by David Roberts
          If Greg has no objections then I should like, when I have time, to replace his 2001 code [...] with the new 2009 code.
          No objections at all. I'm happy that the code is proving useful.


          • #6
            Thanks Greg.


            • #7
              Originally posted by David Roberts
              MD5 collisions have been contrived 'in the laboratory' - none have been found 'in the wild' yet.
              Although achieved "in the laboratory", it has consequences "in the wild":
              http://www.heise-online.co.uk/securi...eatures/112365
              http://www.heise-online.co.uk/securi...--/news/112362
              Last edited by Knuth Konrad; 17 Feb 2009, 08:58 AM. Reason: Corrected spelling


              • #8
                With the first link concluding with "Even though there is no immediate reason to worry, ..."

                SHA1 is starting to 'creak' which doesn't bode well for the SHA-2 family but, as Eddy pointed out, doubling the bit length squares the power, so we are OK for some time to come with SHA 256, 384, 512 and 1024.

                NIST set up a competition a while ago, similar to the Nessie project giving us Whirlpool, which closed for entrants last November, see here. The First SHA-3 Candidate Conference will be held on 25-28 this month in Belgium.

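Added example, not part of the original thread and not Greg Turgeon's code: a Python illustration of the points in posts #2 and #8 about digest length, storage size and using fewer bytes of a SHA-256 value. It assumes Python's `hashlib` in place of the PowerBASIC code; the function names and the counter messages are constructed for this example.

```python
import hashlib
import math
from itertools import count

def truncated_digest(algo, data, nbytes):
    """First nbytes of the digest, i.e. 'using fewer bytes' of the hash value."""
    full = hashlib.new(algo, data).digest()
    if not 0 < nbytes <= len(full):
        raise ValueError("nbytes must be between 1 and the digest size")
    return full[:nbytes]

def find_collision(algo, nbytes):
    """Birthday search over constructed counter messages.

    Returns (msg_a, msg_b, attempts) where both messages share the same
    truncated digest. Only practical for very short truncations.
    """
    seen = {}
    for i in count():
        msg = b"constructed-sample-%d" % i   # constructed input, not real data
        tag = truncated_digest(algo, msg, nbytes)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg

def birthday_work(bits):
    """Approximate hashes before a collision is expected: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2) * 2.0 ** (bits / 2)

def pair_collision_ratio(small_bits, large_bits):
    """How much less likely two given messages are to collide with the longer hash."""
    return 2 ** (large_bits - small_bits)

if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        print(algo, "stores", hashlib.new(algo).digest_size, "bytes")
    print("ratio 256 vs 128 bits:", pair_collision_ratio(128, 256))
    for nbytes in (2, 3, 4):
        a, b, n = find_collision("sha256", nbytes)
        print(f"{nbytes * 8}-bit truncation: collision after {n} hashes "
              f"(estimate {birthday_work(nbytes * 8):.0f}): {a!r} / {b!r}")
    for bits in (128, 256):
        print(f"full {bits}-bit digest: about 2^{math.log2(birthday_work(bits)):.1f} hashes")
```

Every byte dropped from the stored value cuts the expected collision search by a factor of 16, so a truncated SHA-256 value should be sized for the collision resistance the application needs, not only for storage.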