Friday, September 11, 2015

MD5 and SHA-1 – Which One To Select For HMAC ?

If not redirected, please click here

MD5 and SHA-1, both are well known cryptographic hash functions. And HMAC is a well-known keyed hash based message authentication code, involving a cryptographic hash function and a secret cryptographic key.

Before we go to the topic of which one to use, let's first understand properly which one does what.

What are MD5, SHA-1 and HMAC ?

MD5 is one in a series of message-digest algorithm, designed by Prof. Ronald Rivest of MIT. It produces a 128 bit hash value typically expressed in text format as a 32 digit hexadecimal number.

SHA-1 is also a cryptographic hash function, designed by the United States National Security Agency. SHA-1 produces a 160 bit hash value, typically expressed as a 40 digit hexadecimal number. SHA-1 is a member of Secure Hash Algorithm family. SHA-1 is similar to SHA-0, but alters the original SHA hash specification to correct some weaknesses. SHA-2 was published in 2001, its hash function is significantly different from that of SHA-1. In 2005, cryptoanalysts found attacks on SHA-1, suggesting the algorithm might not be secure enough for ongoing use. Although no successful attacks have been reported on SHA-2, NIST selected an additional algorithm and standardized SHA-3 in 2012.

HMAC involves a cryptographic hash function and a cryptographic key. The iterative hash function breaks the message in fixed size blocks and iterates over them. The size of output of HMAC is same as that of underlying hash function, though it can be truncated if desired.

Which one of MD5 and SHA-1 is better for HMAC ?

Let's first compare security strength of MD5 with SHA-1.

The security of MD5 hash function is severely compromised. There is a collision attack, which means the attack can find collisions in MD5, within seconds. In fact, a number of projects have published MD5 rainbow tables online, which can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. So, if we think about security, SHA-1 is a better option than MD5.

But does that mean HMAC-SHA-1 is better than HMAC-MD5?

Cryptographic strength of HMAC depends on the size of the secret key that is used. The most common attack on HMAC is the brute force to uncover the underlying secret key. But HMACs are substantially less affected by collisions than their underlying hashing algorithm alone. Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found on MD5 alone.

So, that means we can safely use HMAC-MD5. Both HMAC-MD5 and HMAC-SHA-1 are good enough for our purposes.

No comments:

Post a Comment