MD5 or SHA1?
View Single Post
02-11-2008, 07:22 PM
Join Date: Jan 2008
Of course, but SHA1 was designed by military-grade sources and released to the public after a time. Hashes are simply used for encryption, they do not themselves provide encryption. Hence the freedom to give secure hashes. The encryption algorithm is more important than the hash in cryptology, as a poor cipher will mathematically reveal the hash.
The original specification of the algorithm was published in 1993 as the Secure Hash Standard, FIPS PUB 180, by US government standards agency NIST (National Institute of Standards and Technology). This version is now often referred to as SHA-0. It was withdrawn by the NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly referred to as SHA-1. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function; this was done, according to the NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. However, the NSA did not provide any further explanation or identify what flaw was corrected. Weaknesses have subsequently been reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks, supporting the NSA’s assertion that the change increased the security.
SHA hash functions - Wikipedia, the free encyclopedia
-- SHA-0 and SHA-1
Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning.
- Rich Cook
View Public Profile
Send a private message to RobertK
Find More Posts by RobertK