SHA: The Birth Mother of Secure Hashing Standards

Miss Faith
SHA was originally designed by the NSA in 1993 and set as the algorithm to be used as the Secure Hash Standard. SHA was considered more secure because it was modeled after MD4 but came with some improvements. In 1995, due to an "undisclosed security problem", the NSA improved upon SHA and released SHA-1. This was a good thing, since in 1998 two men discovered what was considered to be a differential collision attack against the original SHA. Currently, according to the NSA, there are no full cryptographic attacks against SHA-1. In 2005 and 2006, during a session at Crypto, a few people succeeded in performing partial collision attacks on SHA-1, proving it is not as solid as the NSA would hope. Since SHA-1 was found to be less secure than first thought, NIST and the NSA also put forth SHA-224, SHA-256, SHA-384, and SHA-512. Each number following SHA stands for the number of bits it produces.

So what is the difference between SHA-1, MD5, and CRC-32? SHA-1 produces a 160-bit hash value, whereas MD5 produces only 128 bits and CRC-32 produces 32 bits. Because of the length of its hash value, SHA-1 has taken over the place of MD5 in such application protocols as TLS and SSL, IPSec, PGP, S/MIME, and SSH. However, many of the Unix/Linux operating systems actually still use MD5 over SHA-1. Even though SHA-1 has taken the lead over MD5 as being more secure, MD5 is still somewhat faster. SHA-1 produces a 160-bit, 20-byte message digest, but MD5 produces a 128-bit digest of only 16 bytes. This means that MD5 actually has a faster implementation than the preferred SHA-1. The good thing about both hashing algorithms is that neither allows the message digest, or fingerprint, to be reversed. This means that the digest will identify the data as unique, but the data cannot be retrieved from the message digest.
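To make the digest-length comparison concrete, the following Python sketch is an added example, not part of the original article. It reports the output size of each algorithm named above and then goes one step beyond the text: a birthday search over constructed inputs shows why a 32-bit CRC-32 value cannot serve as a fingerprint, while the same two inputs still get distinct MD5 and SHA-1 digests. The function names and the `message()` input generator are hypothetical.

```python
import hashlib
import zlib

SHA_FAMILY = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def digest_bits():
    """Output size in bits for each algorithm the article compares."""
    sizes = {"crc32": 32}  # zlib.crc32 returns a 32-bit unsigned integer
    for name in SHA_FAMILY:
        sizes[name] = hashlib.new(name).digest_size * 8
    return sizes

def message(i):
    """Constructed sample input: 16 pseudorandom bytes derived from a counter."""
    return hashlib.sha256(str(i).encode()).digest()[:16]

def first_crc32_collision(limit=2_000_000):
    """Birthday search: return (tries, msg_a, msg_b) where both messages
    differ but share one CRC-32 value, or None if the limit is reached.
    With 32 output bits a collision is expected after roughly 2**16 inputs."""
    seen = {}
    for i in range(limit):
        m = message(i)
        c = zlib.crc32(m)
        if c in seen and seen[c] != m:
            return i + 1, seen[c], m
        seen[c] = m
    return None

if __name__ == "__main__":
    for name, bits in digest_bits().items():
        print(f"{name:7s} {bits:4d} bits  {bits // 8:3d} bytes")

    result = first_crc32_collision()
    if result is None:
        print("no CRC-32 collision found within the limit")
    else:
        tries, a, b = result
        print(f"\nCRC-32 collision after {tries} inputs:")
        for m in (a, b):
            print(f"  msg={m.hex()}  crc32={zlib.crc32(m):08x}")
            print(f"    md5 ={hashlib.md5(m).hexdigest()}")
            print(f"    sha1={hashlib.sha1(m).hexdigest()}")
```

The same search against a 128-bit or 160-bit digest would need on the order of 2^64 or 2^80 inputs, which is why the collision attacks mentioned earlier rely on weaknesses in the algorithms rather than brute force.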

So, if both MD5 and SHA-1 do not retrieve the data from the message digest and both run at 128 bits, why is SHA-1 preferred? Even though MD5 is faster and there were at least two proven limited breaks in SHA-1, it is still seen as being more secure and up-to-date than MD5. Perhaps part of the thinking behind this also stems from the fact that SHA-1 was developed from MD5 and MD5 was created four years before SHA-1. I guess it goes to show that people will always prefer the newer version of anything, which may be why the other versions of SHA are slowly making their way into the spotlight as well.

Miss Faith is a full time student and she is currently working with About.com as the Guide to Makeup. She has finished her Bachelor's Degree in Intelligence Studies, as well as an Associate's Degree in CIS/N...

1 Comment

  • Jamie Austin, 9/2/2007

    Mmmmm... can you taste the nerdy goodness?
