Firewall Wizards mailing list archives
RE: MD5 x SHA-1
From: "Bill Royds" <broyds () rogers com>
Date: Fri, 6 Dec 2002 22:07:57 -0500
I once did a comparison of MD5 versus SHA1 when generating checksums of binaries before backing them up. Our policy was to calculate a cryptographic checksum has of every file in backup, put that on backup tape, then the backup ufsdump. Saved our bacon several times when we could trace back to exactly when a file was corrupted. MD5 is about 50% faster than SHA1, but as others have said SHA1 is considered more secure. Basically there is a greater chance of an attacker being able to add nonce bytes to a modified file to get same hash with MD5 than SHA1 (SHA1 uses more widely distributed bytes to generate the hash). But the modifications that allow one to spoof the hash are generally computationally difficult to calculate and modify the file in other obvious ways (file size, in particular). -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Brian A Kee Sent: Sat December 07 2002 06:45 To: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] MD5 x SHA-1 In my experience better is relative. I will assume that you are meaning which is more secure. Everything that I have read states that SHA-1 is the more secure hashing algorythm. They also state that there is a performance cost associated with this algorythm compared to MD5. I have never really taken the time actually test what the performance cost difference is, nor whether or not the algorythm is actually more secure. This information can be found in various textbooks including Applied Crytpography. I beleive that this is referenced in many vendor IPSEC configurration guides. In my experience, both seem to be as good an the other. I have configured many a VPN where I have chosen either algorythm. I have been equally happy with both applications. TM -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Roberto Joao Lopes Garcia Sent: Friday, December 06, 2002 12:06 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] MD5 x SHA-1 Hi I need to know which is better as a file hash, that is, to see if a file was modified MD5 or SHA-1 Can some one, please, point me to some information Thank you Roberto _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- MD5 x SHA-1 Roberto João Lopes Garcia (Dec 06)
- Re: MD5 x SHA-1 Marcus J. Ranum (Dec 06)
- Re: MD5 x SHA-1 John Adams (Dec 06)
- Re: MD5 x SHA-1 Kevin Steves (Dec 07)
- Re: MD5 x SHA-1 John Adams (Dec 07)
- Re: MD5 x SHA-1 Kevin Steves (Dec 07)
- RE: MD5 x SHA-1 Brian A Kee (Dec 06)
- RE: MD5 x SHA-1 Bill Royds (Dec 07)
- Re: MD5 x SHA-1 Adam Shostack (Dec 07)
- RE: MD5 x SHA-1 Bill Royds (Dec 07)