On Jun 7, 2005, at 3:25 PM, NSK wrote:
On Tuesday 07 June 2005 08:40, Nathan Wheatley wrote:
MD5, or SHA-1 [...] (MD5 [...] used by Drupal)
Isn't SHA-1 more secure than MD5? MD5 is 128bit but SHA-1 is 160bit.
I think both are crackable today, but MD5 is more well-known and therefore an easier target for cracking. I recently had to choose between MD5 and SHA1 for an application, and I chose SHA-1.
It's time dependent. Just because something CAN be cracked doesn't mean it will for the application. So if you want a password for a bank you use something that's harder. If you are hashing for instant messages that will read inside of 5 seconds then MD5 isn't going to be broken in that timeframe. I've yet to hear of MD5 being casually exploited for simple end user applications. Cheers, Kieran
-- NSK http://portal.wikinerds.org