What's the difference between MD5withRSA & SHA1withRSA? [closed]

Question

in google documentation for android apps... it says I should use SHA1withRSA

But I was wondering what's the difference between SHA1withRSA & MD5withRSA? and how would that affect my app in anyway? would google play accept/deny the app into its marketplace based on SHA1withRSA/MD5withRSA ?

Thanks,

Answer 1

SHA and MD5 are both hashing functions which is a one-way procedure. The idea is that the same content yields the same hash. With that, for example a document can be hashed and to later check that it's still the same document, you only need to compare the hash to see if anyone has made changes. MD5 has become insecure because researchers have found ways to calculate a different document that yields the same hash. This is called a hash collision and nobody should be able to produce them at will.

RSA is a public/private key system that, in a nutshell, works for two scenarios:

1. Encrypt something with someones public key, then only the person with the according private key can decrypt it.
2. Someone signs something with his private key, then everyone can confirm that this was indeed signed by that person by checking it with that persons public key.

Now SHA1RSA means:

1. Hash the package with SHA. That yields a small 32 byte hash string and can be computed very fast.
2. Sign that hash string with your private key to prove that this actually comes from you.