Sha1 or md5?


#1

I’m building a site that requires user log-in and i have seen the Agile
book using sha1 for password hashing while R-Forum uses md5.

Is there any compelling argument to use one over the other?


#2

On 2/5/06, Gonzalo R. removed_email_address@domain.invalid wrote:

I’m building a site that requires user log-in and i have seen the Agile
book using sha1 for password hashing while R-Forum uses md5.

Is there any compelling argument to use one over the other?

Both have problems, both are fine…
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html


Jonas
Elfström


#3

MD5 is known to be broken. Completely and utterly. SHA1 has been
sucessfully attacked, but not broken.

I would go with SHA1 and a good SALT.


#4

On 2/5/06, Juraci Krohling C. removed_email_address@domain.invalid wrote:

MD5 isn’t broken. Some guys could make colisions w/ strings encrypted
w/ MD5. It just means that somebody can possibly find a string that
corresponds to the MD5 string, originally encripted via another string.
Ex.:
“somestring” = 123abc123abc123abc123abc123abc123abc
“anotherstring” = 123abc123abc123abc123abc123abc123abc

This equals broken. Let me give you a more appropriate example:

“password1” = 123abc123abc123abc123abc123abc123abc
“anotherpassword” = 123abc123abc123abc123abc123abc123abc

Obviously, its not a trivial task to get a “colision” MD5 string. Its

just easier to find another vulnerability in your app than to get a
colision.

It is not trivial, but not difficult either.

So, both are secure, but I prefer SHA1 because it have a variable


#5

MD5 isn’t broken. Some guys could make colisions w/ strings encrypted
w/ MD5. It just means that somebody can possibly find a string that
corresponds to the MD5 string, originally encripted via another string.
Ex.:
“somestring” = 123abc123abc123abc123abc123abc123abc
“anotherstring” = 123abc123abc123abc123abc123abc123abc

Obviously, its not a trivial task to get a “colision” MD5 string. Its
just easier to find another vulnerability in your app than to get a
colision.

So, both are secure, but I prefer SHA1 because it have a variable
length, making colisions even harder.

Regards,
Juca.


#6

thanks for all the responses folks. I guess i will be using SHA1 then

and as for this:

Tobias L. wrote:

That does not equal broken for the purposes of login. An attacker
would have to somehow get his hands on the md5 representation which
doesn’t leave your db / app space usually.

my argument is based in the case that there could be more than one admin
on the site so he also has access to the db, and also since i won’t be
using SSL or anything like that, the user/password hash could be
sniffed.
I know, i’m a bit paranoid but you know the drill… you are never
overzealous enough when it comes to security.


#7

That does not equal broken for the purposes of login. An attacker
would have to somehow get his hands on the md5 representation which
doesn’t leave your db / app space usually.

“somestring” = 123abc123abc123abc123abc123abc123abc
“anotherstring” = 123abc123abc123abc123abc123abc123abc

This equals broken. Let me give you a more appropriate example:

“password1” = 123abc123abc123abc123abc123abc123abc
“anotherpassword” = 123abc123abc123abc123abc123abc123abc


Tobi
http://shopify.com - modern e-commerce software
http://typo.leetsoft.com - Open source weblog engine
http://blog.leetsoft.com - Technical weblog


#8

Gonzalo R. wrote:

my argument is based in the case that there could be more than one admin
on the site so he also has access to the db, and also since i won’t be
using SSL or anything like that, the user/password hash could be
sniffed.
I know, i’m a bit paranoid but you know the drill… you are never
overzealous enough when it comes to security.

Are you using client side SHA1 library? If not… and you are using
SSL, how exactly are you
planning on providing security for the administrator’s login
credentials?

Zach


#9

On 2/5/06, Gonzalo R. removed_email_address@domain.invalid wrote:

my argument is based in the case that there could be more than one admin
on the site so he also has access to the db, and also since i won’t be
using SSL or anything like that, the user/password hash could be
sniffed.
I know, i’m a bit paranoid but you know the drill… you are never
overzealous enough when it comes to security.

If someone you don’t trust has access to your database, you have
bigger problems than reverse engineering a user password.

– James