Am Mittwoch, 2. April 2008 schrieb sanjay sharma:
> md5 is not being recommended anywhere because it contains hash collision.
> Therefore either it should be replaced with SHA1 or any other good hash
> algorithm or taken out of core completely. md5 in core is worthless now.I
> am not using it in my application. I am using SHA1 in client/web tier for
> password hashing.
> Would replacing md5 with SHA1 in core involve much work?
The vulnerabilities that exist for MD5 and SHA1 involve finding two random
input strings that create the same hash values. This is possible for MD5
*and* SHA1 now, so asking for SHA1 to replace MD5 is completely pointless.
What is not possible with either MD5 or SHA1 is finding an input string that
creates the same hash value as a given input string (except by googling, but
that affects all algorithms). So using MD5 for encrypting passwords or
digesting known data values or tarballs can be considered secure at the
moment.
If you are dealing with certificate infrastructures, where the hash collision
vulnerability described above might be relevant, you are certainly going to
use some library such as openssl, and those have already moved away from
using MD5 and SHA1 anyway.