If MD5 is broken, what is a better solution?

2019-01-19 15:17发布

问题:

After reading the topic "Is MD5 really that bad", I was thinking about a better solution for generating hashes. Are there better solutions like Adler, CRC32 or SHA1? Or are they broken as well?

回答1:

CRC32 is probably the worst thing you could possibly use for passwords (besides maybe crc16 :). Cyclic Redundancy Checks are to detect if a message has been damaged though natural causes, it is trivial to generate collisions using nothing more than algebra. SHA0 and SHA1 are also broken, although unlike md5() no one has generated a SHA1 collision, but it is believed to be computationally feasible with our current technology.

Any member of the SHA-2 family should be used. Sha-256 is good, SHA-512 is probably more than you need. NIST is holding the SHA-3 competition right now and this will be finalized sometime in 2012. (Skein for the win!)



回答2:

If you are looking for a cryptographic hash function, Adler and CRC32 are really bad idea. SHA-1 is also broken already, but in a much less dangerous way than MD5. However, this will probably change in the future.

Right now the only sensible choice seems to be to use SHA-256, possibly truncating the digest to the desired length.



回答3:

SHA1 has some theoretical attacks but AFAIK there is still nothing practical that will let you break it as of yet.

SHA2 seems to hold steady for now.