MD5, SHA1, and SHA256

MD5 and SHA are hash functions that take a piece of data, compact it, and create a unique output that is very hard to duplicate with a different piece of data. You cannot take MD5 or SHA output and “unhash” it to get back to your starting point. The difference between the two lies in what algorithm they use to create the hash.

SHA – stands for the secure hash algorithm. Introduced in 1993 by the NSA with SHA0, it generates unique hash values from files.

There are several versions of SHA:
• SHA0 (obsolete)
• SHA1 (easily reversed)
• SHA2 (SHA2 is a family consisting of SHA256 and SHA512)
• SHA3 (not yet widely used)

There are several differences in MD5, SHA1, and SHA256, most notably, the hash length. Once again, using our “hello” example (all lower case, no quotations):

MD5:
5d41402abc4b2a76b9719d911017c592

SHA1:
AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D

SHA256:
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Obviously, the more characters, or longer the hash, the less likely the “code” is broken. Regardless, the hash is still subject to attack. There are two kinds of attacks specific to hash:

• Collision is when two different files produce an identical hash. It is then possible to substitute a file for another.
• Preimage is an attack in which hash functions attempt to find a message with a specific value.

The first one consists of ‘guessing’ a file value from its hash. The other uses a hash to create a value different from the one used to generate the hash.