Scribd
Upload
9 views5 pages

MD 5

This document analyzes the vulnerabilities of MD5 and SHA-1 hashing algorithms, highlighting their unsuitability for security-sensitive applications due to collision attacks. It discusses the historical context, performance, and deprecation of both algorithms, recommending stronger alternatives like SHA-256 and SHA-3 for cryptographic security. The study also includes code examples for hashing and measuring execution time.

Uploaded by

Saif Madre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
9 views5 pages

MD 5

This document analyzes the vulnerabilities of MD5 and SHA-1 hashing algorithms, highlighting their unsuitability for security-sensitive applications due to collision attacks. It discusses the historical context, performance, and deprecation of both algorithms, recommending stronger alternatives like SHA-256 and SHA-3 for cryptographic security. The study also includes code examples for hashing and measuring execution time.

Uploaded by

Saif Madre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

EXPERIMENT 5: Analysis of MD5 and SHA-1 Hashing Algorithms

Saif Madre
Department of Computer Engineering
M.H Saboo Siddik College of Engineering
Mumbai, India
[email protected]

Aim—For varying message sizes, test the integrity of the message using MD5, SHA-1, and
analyse the performance the two protocols.
Keywords— Hashing, SHA1, MD5.

I. INTRODUCTION
Hashing is a fundamental cryptographic technique that transforms input data into a fixed-size
hash value. Cryptographic hash functions ensure data integrity, authentication, and digital
signatures. However, with advances in computational power, vulnerabilities have been
discovered in older hashing algorithms like MD5 and SHA-1, making them unsuitable for
security-sensitive applications. This study examines the efficiency, security, and execution time
of MD5 and SHA-1 to highlight their limitations and the need for more secure alternatives.

II. MD5

MD5 (Message-Digest Algorithm 5) is a cryptographic hash function developed by Ronald


Rivest in 1991 as an improvement over MD4. It takes an input of any length and produces a
fixed 128-bit hash value, commonly represented as a 32-character hexadecimal number. MD5
was widely used for verifying data integrity, password hashing, and digital signatures due to its
speed and efficiency. However, over time, cryptographic researchers discovered serious
vulnerabilities, including collision attacks, where two different inputs can produce the same
hash. This flaw compromises its security, making it unsuitable for encryption or digital
signatures. By 2008, MD5 was officially deemed insecure for cryptographic use, and experts
now recommend stronger alternatives like SHA-256. Despite its weaknesses, MD5 is still used
in non-security-critical applications, such as checksums for file verification, where speed is
prioritized over security.

III. SHA-1
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function developed by the NSA
and standardized by NIST, producing a 160-bit hash value typically represented as a 40-digit
hexadecimal number. Initially widely used in security protocols like TLS, SSL, PGP, SSH, and
IPsec, SHA-1 has been found to be cryptographically weak due to collision attacks, making it
unsuitable for security-sensitive applications. Since 2005, researchers have demonstrated
vulnerabilities, leading to its deprecation by NIST in 2011 and its disallowance for digital
signatures in 2013. In 2017, Google and CWI Amsterdam
Fig. 1. Block diagram for one round of MD5

successfully performed a collision attack, proving its insecurity. Major web browsers stopped
accepting SHA-1 SSL certificates the same year, and Microsoft discontinued SHA-1 code
signing support in 2020. While SHA-1 is still used in some non-security applications, such as
Git for data integrity verification, experts strongly recommend migrating to SHA-2 or SHA-3
for cryptographic security.
Fig2. Block Diagram for one round of SHA-1

IV. CODE

import hashlib
import timeit

def sha1_hash(data: str) -> str:


"""Returns the SHA-1 hash of the given input string."""
sha1 = hashlib.sha1()
sha1.update(data.encode('utf-8'))
return sha1.hexdigest()

def md5_hash(data: str) -> str:


"""Returns the MD5 hash of the given input string."""
md5 = hashlib.md5()
md5.update(data.encode('utf-8'))
return md5.hexdigest()

def measure_time(func, data: str, num_runs: int = 1000):


"""Measures the execution time of the given hash function."""
return timeit.timeit(lambda: func(data), number=num_runs)
# Get user input
text = input("Enter the message to hash: ")
size = len(text) # Calculate the size of the input message

# Compute hashes
sha1_result = sha1_hash(text)
md5_result = md5_hash(text)

V. OUTPUT
VI.CONCLUSION

This study highlights the vulnerabilities of MD5 and SHA-1, emphasizing their deprecation
in security- critical applications. While MD5 remains useful for checksums and SHA-1 is still
used in data verification systems like Git, neither should be used for cryptographic security.
Instead, stronger alternatives like SHA- 256 and SHA-3 should be adopted for modern security
needs.

REFERENCES
[1] ”MD5,” Wikipedia, https://en.wikipedia.org/wiki/MD5.

[2] ”SHA-1,” Wikipedia, https://en.wikipedia.org/wiki/SHA-1.

You might also like