SHA1 and SHA2

Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.

Anyone ?

TIA
Stuart

On 8/27/06, Dark A. [email protected] wrote:

Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.

Anyone ?

And why don’t md5?

TIA

why use sha-256 when there is a sha-512?

well - the reasons.

  1. Stronger = slower (more or less)

  2. but more important. you have to choose something. There are tons of
    hashes out there, most of them more secure than you’ll ever need (who is
    going to use billions of $$$ to crack you website?), and sha is secure
    enough. sha is way more secure than md5 (which a lot of big sites still
    are using), and even though there are some known attacks on it, none of
    them are serious (not even FBI/CIA/whatever would be able to “break” you
    sha hashed password (if you have a proper password)).

So - if you should choose a hash. Would you use xxxOMG1337, or one that
is secure and compatible with the rest of the world (what if you had to
move to a new server without support for xxxOMG1337-hash).

Stuart Fellowes wrote:

Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.

Anyone ?

TIA
Stuart