Hi,
After reading the topic "Is MD5 really that bad", I was thinking about a better solution for generating hashes. Are there better solutions like Adler
, CRC32
or SHA1
? Or are they even broken?
Hi,
After reading the topic "Is MD5 really that bad", I was thinking about a better solution for generating hashes. Are there better solutions like Adler
, CRC32
or SHA1
? Or are they even broken?
CRC32 is probably the worst thing you could possibly use for passwords (besides maybe crc16 :). Cyclic Redundancy Checks are to detect if a message has been damaged though natural causes, it is trivial to generate collisions using nothing more than algebra. SHA0 and SHA1 are also broken, although unlike md5() no one has generated a SHA1 collision, but it is believed to be computationally feasible with our current technology.
Any member of the SHA-2 family should be used. Sha-256 is good, SHA-512 is probably more than you need. NIST is holding the SHA-3 competition right now and this will be finalized sometime in 2012. (Skein for the win!)
If you are looking for a cryptographic hash function, Adler and CRC32 are really bad idea. SHA-1 is also broken already, but in a much less dangerous way than MD5. However, this will probably change in the future.
Right now the only sensible choice seems to be to use SHA-256, possibly truncating the digest to the desired length.