What is MD5 / SHA2 ?

  1. MD5
    Currently, the most commonly used hash function is MD5. It generates a constant 128 bit result, usually saved as a string of 32 characters representing hexadecimal notation.

Despite the popularity of MD5, it is no longer considered a completely secure function – many techniques have been developed that collide this function. One of them is the MD5 Tunneling method which finds a collision in less than 10 seconds, using the power of an average class laptop.

Such discoveries are of course interesting, but in practice they do not significantly affect the security of the MD5 hashes. Most collision finding techniques give binary data on the MD5 input, i.e. data from a much broader range than ASCII characters.

Although there are no effective methods today for collisions in MD5 hashes, it is discouraged to use this function. There are real indications that this situation will change in the coming years.

You can download free software for windows for generating md5 hashes check here.

More information about the MD5 function can be found in Wikipedia and RFC1321. Programs along with an explanation of the MD5 Tunneling technique can be found here. The example of collision in MD5 together with the visualization of internal states of the algorithm blocks can be seen here.

  1. SHA
    SHA0 was the first feature belonging to the Secure Hash Alghoritm family. At this time, SHA0 shares the fate of MD4 – in both of these functions collisions were found allowing to quickly recover the original password or its equivalent.

SHA1 is currently MD5’s biggest competitor. There are several theoretical attacks on this function, but in practice they do not yet threaten the security of the hash. However, these types of situations suggest that you might want to be interested in a newer version of the algorithm.

SHA2 is currently one of the safest versions of the SHA family algorithms. SHA2 exists in four varieties: SHA-224, SHA-256, SHA-384 and SHA-512. All variants work in a similar way, however, they use data structures of different sizes and return hashes of different lengths.

SHA2 provides a high level of security. Unfortunately, functions from this group are not often used, because their use often requires the compilation of additional modules (e.g. to databases). An additional reason was also waiting for the final version of the SHA3 algorithm.

On October 2, 2012, the SHA3 algorithm was introduced, which uses a new approach – so theoretically, attacks on earlier versions of SHA should not affect its security. Unfortunately – it’s still a very fast algorithm.