If MD5 is broken, what is a better solution?

After reading the topic "Is MD5 really that bad", I was thinking about a better solution for generating hashes. Are there better solutions like Adler, CRC32 or SHA1? Or are they broken as well?

Martijn Courteaux asked May 04 '10 20:05


3 Answers

CRC32 is probably the worst thing you could possibly use for passwords (besides maybe crc16 :). Cyclic Redundancy Checks are there to detect whether a message has been damaged through natural causes; it is trivial to generate collisions using nothing more than algebra. SHA0 and SHA1 are also broken: although, unlike md5(), no one has generated a SHA1 collision, it is believed to be computationally feasible with our current technology.

Any member of the SHA-2 family should be used. SHA-256 is good, SHA-512 is probably more than you need. NIST is holding the SHA-3 competition right now and this will be finalized sometime in 2012. (Skein for the win!)

rook answered Oct 18 '22 23:10


If you are looking for a cryptographic hash function, Adler and CRC32 are a really bad idea. SHA-1 is also broken already, but in a much less dangerous way than MD5. However, this will probably change in the future.

Right now the only sensible choice seems to be to use SHA-256, possibly truncating the digest to the desired length.

Krystian answered Oct 18 '22 23:10
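An added example, not from any of the answers above, that makes rook's "nothing more than algebra" point and Krystian's truncation suggestion concrete: a CRC is an affine function over GF(2), so for equal-length inputs it satisfies crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros), a relation a cryptographic hash must not exhibit. The function names and the two record strings are constructed for this illustration.

```python
import binascii
import hashlib


def crc32_digest(m: bytes) -> bytes:
    """CRC-32 (IEEE) as used by zlib/binascii, returned as 4 big-endian bytes."""
    return binascii.crc32(m).to_bytes(4, "big")


def sha256_digest(m: bytes, length: int = 32) -> bytes:
    """SHA-256, optionally truncated to `length` bytes.

    Truncating a SHA-256 digest (Krystian's suggestion) keeps the prefix of
    the full digest; the shorter output still behaves as a pseudo-random
    function, only with 8*length bits of collision/preimage margin instead
    of 256.
    """
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 bytes")
    return hashlib.sha256(m).digest()[:length]


def is_xor_linear(h, a: bytes, b: bytes) -> bool:
    """True if h(a ^ b) == h(a) ^ h(b) ^ h(0...0) for equal-length a, b.

    Any CRC satisfies this identity for every input pair (the init and
    final-XOR constants cancel in the three-way XOR). For a cryptographic
    hash it can only hold by chance, with probability about 2**-(8*digest_len).
    """
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    zeros = bytes(len(a))
    a_xor_b = bytes(p ^ q for p, q in zip(a, b))
    lhs = int.from_bytes(h(a_xor_b), "big")
    rhs = (int.from_bytes(h(a), "big")
           ^ int.from_bytes(h(b), "big")
           ^ int.from_bytes(h(zeros), "big"))
    return lhs == rhs


# Constructed sample records of equal length (22 bytes each).
RECORD_A = b"record-0001: status=ok"
RECORD_B = b"record-0002: status=ko"


def linearity_report() -> dict:
    """Which of the candidate functions leaks algebraic structure?"""
    return {
        "crc32": is_xor_linear(crc32_digest, RECORD_A, RECORD_B),
        "sha256": is_xor_linear(sha256_digest, RECORD_A, RECORD_B),
        "sha256_trunc16": is_xor_linear(lambda m: sha256_digest(m, 16), RECORD_A, RECORD_B),
    }
```

A `True` entry means the relation held, i.e. the function's output can be predicted from other outputs by XOR alone; that is why a CRC is fine for detecting accidental corruption but useless against a deliberate change.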


SHA1 has some theoretical attacks but AFAIK there is still nothing practical that will let you break it as of yet.

SHA2 seems to hold steady for now.

shoosh answered Oct 19 '22 01:10