 

Which hash method do you use (MD5, SHA1, other?)

This Wikipedia page has an extensive list of hashing methods

As you can see, both MD5 and SHA1 have been broken (in cryptography, "broken" means there's an attack less complex than the brute force attack. In other words, if you need 1 million years to find a collision instead of one billion years using brute force, the algorithm is considered broken, even if it's probably still safe to use it).

What do you use as a hash algorithm?

SHA1 is broken, but one still needs billions of years to compute a collision.

Other hashes are still unbroken, but we have to keep in mind that researchers concentrate their efforts on mainstream algorithms (that is, MD5 and SHA1), so unbroken hashes may be insecure as well.

Brann asked Dec 24 '08 09:12



1 Answer

These days most people still use SHA1 or even MD5, broken or not. Because the current state of the art in hashing is that we have some functions that we know have theoretical vulnerabilities but no really practical breaks, and some unproven functions that we know very little about at all.

If you're using a hash function for password storage, the theoretical vulnerabilities probably don't matter to you. Firstly because the nature of the vulnerabilities doesn't really help in reversing passwords. Secondly because if you care about security that much, you probably wouldn't be using passwords.

Where it will matter more is if you are using digital signatures, SSL, IPSEC, etc., which all rely on hash functions, and if you need the hash function to remain secure for a long time. However, here you have little choice but to wait and see which hash function(s) become the new proven standard, and/or use more than one hash function if you can.

Even then, this is way down on the list of threats in the big picture. Security problems in your system are far more likely to be in your own code, or people threats, than somebody attacking your hash function!

Still, if designing a new system, the advice to design it so you can replace any of your crypto algorithms at any time remains valuable. Ideally via configuration / plugin, and not a recompile.

frankodwyer answered Nov 15 '22 18:11
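The answer's closing advice, that a system should let you swap out its hash algorithm through configuration rather than a recompile, is easy to state and easy to get wrong in a password store, because the records written with the old algorithm still have to verify after the switch. The following is an added example, not code from the question or the answer: each stored record carries the label of the algorithm that produced it, verification dispatches on that label, and a successful login transparently re-hashes records that are behind the current configuration. The record format (`alg$iterations$salt$digest`), the algorithm labels, and the use of salted PBKDF2 (SHA-1 as the "legacy" choice, SHA-256 as the current one) are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Registry of supported password-hashing constructions, keyed by the short
# label stored in every record. Retiring or adding an algorithm is a change
# to this table and to CURRENT_ALGORITHM, not to the verification code.
# Labels, parameters and record layout are assumptions for this example.
ALGORITHMS = {
    "pbkdf2-sha1":   lambda pw, salt, n: hashlib.pbkdf2_hmac("sha1", pw, salt, n),
    "pbkdf2-sha256": lambda pw, salt, n: hashlib.pbkdf2_hmac("sha256", pw, salt, n),
}

# "Configuration": what new records are written with. In a real system this
# would be read from a config file or environment, not hard-coded.
CURRENT_ALGORITHM = "pbkdf2-sha256"
CURRENT_ITERATIONS = 100_000

RECORD_SEPARATOR = "$"


def hash_password(password: str, alg: str = None, iterations: int = None) -> str:
    """Return a self-describing record: alg$iterations$salt_hex$digest_hex."""
    alg = alg or CURRENT_ALGORITHM
    iterations = iterations or CURRENT_ITERATIONS
    if alg not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {alg!r}")
    salt = os.urandom(16)                       # fresh per-record salt
    digest = ALGORITHMS[alg](password.encode("utf-8"), salt, iterations)
    return RECORD_SEPARATOR.join([alg, str(iterations), salt.hex(), digest.hex()])


def _parse_record(record: str):
    alg, iterations, salt_hex, digest_hex = record.split(RECORD_SEPARATOR)
    if alg not in ALGORITHMS:
        # A label we no longer support means the record must be reset,
        # not silently accepted or silently rejected as "wrong password".
        raise ValueError(f"record uses unsupported algorithm {alg!r}")
    return alg, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with whatever algorithm the record says it used."""
    alg, iterations, salt, stored = _parse_record(record)
    computed = ALGORITHMS[alg](password.encode("utf-8"), salt, iterations)
    # Constant-time comparison so a mismatch position does not leak via timing.
    return hmac.compare_digest(computed, stored)


def needs_rehash(record: str) -> bool:
    """True if the record lags the current configuration (algorithm or cost)."""
    alg, iterations, _, _ = _parse_record(record)
    return alg != CURRENT_ALGORITHM or iterations < CURRENT_ITERATIONS


def login(password: str, record: str):
    """Verify a login and return (ok, record_to_store).

    On success, an out-of-date record is re-hashed with the current
    configuration while the plaintext is available, so a fleet migrates
    from the legacy algorithm one login at a time.
    """
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    # Constructed demo: a record written under the legacy configuration.
    legacy = hash_password("correct horse battery", alg="pbkdf2-sha1", iterations=10_000)
    ok, upgraded = login("correct horse battery", legacy)
    print("legacy record :", legacy.split(RECORD_SEPARATOR)[:2])
    print("login ok      :", ok)
    print("stored record :", upgraded.split(RECORD_SEPARATOR)[:2])
```

The point the answer makes is visible in the last three lines of the demo: the legacy record still verifies because the algorithm label travels with the hash, and after one successful login the stored record is already on the current algorithm. Swapping SHA-256 for something else later means adding a registry entry and changing `CURRENT_ALGORITHM`; `verify_password` does not change.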