Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create sha1 hashes using openssl' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create sha1 hashes using openssl
Authored by: hopthrisC on Mar 01, '04 05:40:41PM

Just as clarification for the cryptographically uninitiated (nothing wrong with the posting!):

SHA1 is considered to be more secure than md5, which in turn is more secure than it's predecessor md4 (which is proven breakable). But on the other hand, SHA1 consumes more CPU time than md5, which can gain up to 50% on SHA1 when processing large files.

Secure meaning that an attacker cannot modify a file without changing the md5 or SHA1 hash. (Even if he can, he most probably has to change something obvious, like the file size).

If you only need to check integrity of files against accidents like hard disk crashes or noisy network connections, md4 (or even crc32) is probably all you ever need, while it saves even more time. The chance that a corrupted file has exactly the same hash (= checksum) as the original version is so small it isn't funny.



[ Reply to This | # ]
Create sha1 hashes using openssl
Authored by: the1truestripes on Mar 01, '04 06:30:26PM
Secure meaning that an attacker cannot modify a file without changing the md5 or SHA1 hash. (Even if he can, he most probably has to change something obvious, like the file size).

To clarify changing a file should change the hash (aka checksum) - that is what they are for! Normal checksums are geared towards detecting normal kinds of modifications (transposed charactors for manually entered input, butsts of bit errors for data transmitions), and towards being fast.

With normal hashes it is possiable to modify the contents of the file (or whatever is being hashed) and find a way to keep the checksum constant. When protecting against randomish errors this is fine. If you are trying to protect against a (potentally!) smart atacker it isn't so fine.

Cryptoragraphically strong hashes should change half their bits if there is a single bit change in their input. It should be expensave to determine which half too :-)

[ Reply to This | # ]