Hey, just a simple question, as I'm trying to understand a bit more about hash functions. I know how they work and what they do, but how secure are they?
I would appreciate a simple answer, not links, as I never find them useful.
To conclude, MD5 generates a message digest of 128 bits, while SHA1 generates a 160-bit message digest. Hence, SHA1 is a relatively complex algorithm and provides better security than MD5.
Although slower, SHA is more secure than MD5 due to a variety of reasons. First, it produces a larger digest, 160-bit compared to 128-bit, so a brute force attack would be much more difficult to carry out. Also, no known collisions have been found for SHA.
Although originally designed as a cryptographic message authentication code algorithm for use on the internet, MD5 hashing is no longer considered reliable for use as a cryptographic checksum because security experts have demonstrated techniques capable of easily producing MD5 collisions on commercial off-the-shelf ...
SHA-1 is prone to length extension attacks. Since 2005, SHA-1 has not been considered secure against well-funded opponents; as of 2010 many organizations have recommended its replacement. NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013.
With today's technology, both can be cracked. There are also hash dictionaries that help find what a hash means for short strings.
Whether they are secure or not depends highly on what you want to protect. If you are building an online banking system, they are not recommended at all (depending on where in the online banking system they are used). If you implement them just for online user password hashing, for example, it also depends on: is your website worth cracking, how many users you have, etc.
General advice is to first study the level of security you want to achieve in your scenario and then decide what technologies (in this case hashing) you use. There is also no 100% security. Also, don't invest too much time in one security issue and ignore others which might not be as obvious or technical (human errors, security by obscurity, human engineering).
Check this out:
password
has the MD5 hash: 5f4dcc3b5aa765d61d8327deb882cf99
The above example is just one of many possible ways (a dictionary attack) to crack them. Also, the Wikipedia article for each algorithm gives you a list of vulnerabilities.
SIDE NOTE
Never let websites generate a hash for a real password that you have (in case you need it somewhere for testing or other reasons). Always use test passwords, or generate hashes on your local machine. People building hash databases (hackers or not), also provide online hash tools for capturing hashes.
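Added example (not part of the original answer): the hash-dictionary lookup described above, next to a salted and iterated alternative, using only Python's hashlib. The wordlist is constructed sample data, and the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real hash dictionaries are far larger.
WORDLIST = ["123456", "password", "qwerty", "letmein"]

# Precomputed table: unsalted MD5 digest -> plaintext.
MD5_TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}


def lookup_unsalted_md5(digest_hex):
    """Return the plaintext if the digest is in the precomputed table."""
    return MD5_TABLE.get(digest_hex.lower())


def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, iterations, derived key).

    The iteration count is an assumed setting; tune it for your hardware.
    """
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password, salt, iterations, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected_key)


if __name__ == "__main__":
    # The MD5 value quoted in the answer above resolves instantly.
    print(lookup_unsalted_md5("5f4dcc3b5aa765d61d8327deb882cf99"))
    # Same password stored twice: different random salts give unrelated
    # records, so one precomputed table cannot cover both.
    a = hash_password("password")
    b = hash_password("password")
    print(a[2] != b[2], verify_password("password", *a))
```

The per-user salt defeats precomputed tables, and the iteration count makes each guess expensive; neither helps if the password itself is on a wordlist and the attacker is willing to spend the work per account.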