Do I need MD5 as a companion to SHA-1?

Do I need both MD5 and SHA-1 values to be sure the downloaded file is

a) Untouched by hackers. For example, when I need to download some app's .iso via torrents

and

b) Not corrupted during technical issues? For example, some unstable network connection during download.

Or, probably, SHA-1 value will be enough for both checks?

Also, is SHA-1 (without MD5) enough to be sure that some file downloaded years ago and stored somewhere on my HDD hasn't degraded?

  • This is not a programming question. But the attack on SHA-1 in early 2017 required "the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations", so SHA-1 should be safe enough.
    – Stijn, Nov 23 '18 at 20:17

security hash md5 sha1 sha

edited Nov 23 '18 at 20:13
john c. j.

asked Nov 23 '18 at 20:06
john c. j.


1 Answer

From a security perspective MD5 is utterly broken.

SHA-1 is considered suspicious, and avoided for most uses if at all possible. For new projects: don't use it at all.

SHA-2 (aka SHA-256, SHA-512, etc.) is still widely used for fast hashes.

SHA-3 has been the future since 2012; nothing is stopping you from using it already. I see little reason not to use it for new projects.

What's the problem with older ones:

  • Their resistance to finding collisions is below par: This is an attacker creating 2 contents that have the same hash. These are constructed at the same time. This problem is there for MD5 and SHA-1, and it's BAD, but requires the attacker creating both versions (and then they can do a switch at any time they want undetected).

  • Their resistance to length extension attacks is relatively weak. This is especially true for MD5, but SHA-1 and even SHA-2 to some degree suffer from it.

When is it not a problem: to ensure your disk has not produced an error: any hash will do, even a simple CRC32 will work wonders (and I'd recommend the simpler CRC check), or a RAID array, as these can fix errors, not just detect them.

Use both?
Well, having to find a collision on one hash and have that same set of plaintexts also produce a collision on another hash is probably more difficult. This approach has been used in the past; the original PGP did something like it. If I'm not mistaken it had a number of things it calculated, one of them simply the length (which would prevent the extension attack above).

So yes, it likely adds something, but the way MD5 and SHA-1 and SHA-2 work internally is quite similar, and that's the worrisome part: they are too much alike to be sure just how much it adds against a highly sophisticated attacker (think the level of the NSA and their counterparts).

So why not use one of the more modern versions of SHA-2, or even better SHA-3? They've no known weaknesses and have been peer-reviewed heavily. As such for any commercial level use, they should be more than enough.

Refs:

  • https://en.wikipedia.org/wiki/Length_extension_attack
  • https://en.wikipedia.org/wiki/Collision_attack
  • https://stackoverflow.com/questions/tagged/sha-3

answered Nov 23 '18 at 20:42
user3277192
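
Added example (not part of the original question or answer): a Python sketch of the three checks discussed above, using SHA-256 and SHA3-256 against a published digest for the tamper check and CRC32 plus file size for the later storage-error check. The function names and the sample file are constructed for illustration, and the published digest is assumed to come from a channel the attacker does not control.

```python
import hashlib
import os
import tempfile
import zlib

CHUNK = 1 << 20  # read 1 MiB at a time so a large .iso is never held in memory


def digest_file(path, algorithms=("sha256", "sha3_256")):
    """One pass over the file: size, CRC32 and every requested hashlib digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    crc, size = 0, 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)
            for hasher in hashers.values():
                hasher.update(chunk)
    record = {name: h.hexdigest() for name, h in hashers.items()}
    record["crc32"] = f"{crc:08x}"
    record["size"] = size
    return record


def matches_published(path, published_hex, algorithm="sha256"):
    """Download check: compare with the digest the publisher lists."""
    actual = digest_file(path, (algorithm,))[algorithm]
    return actual == published_hex.strip().lower()


def changed_since(path, recorded):
    """Storage check: fields that differ from a record made when the file was saved."""
    algorithms = tuple(k for k in recorded if k not in ("size", "crc32"))
    current = digest_file(path, algorithms)
    return sorted(k for k in recorded if recorded[k] != current[k])


def demo():
    # Constructed sample: a small temp file stands in for a downloaded .iso.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.iso")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample image\n" * 1000)
        record = digest_file(path)  # what you would store next to the file
        ok_before = matches_published(path, record["sha256"])
        # Simulate a single flipped bit on disk or in transit.
        with open(path, "r+b") as fh:
            fh.seek(1234)
            original = fh.read(1)
            fh.seek(1234)
            fh.write(bytes([original[0] ^ 0x01]))
        ok_after = matches_published(path, record["sha256"])
        return ok_before, ok_after, changed_since(path, record)


if __name__ == "__main__":
    print(demo())
```

A single flipped bit leaves the size unchanged but changes the CRC32 and both digests, which is why the record stores all of them.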






































