Home > IT Answers > Security > What is SHA-1 and MD-5 encryption?
Jbt
5 pts.
0
Q:
What is SHA-1 and MD-5 encryption?
Encryption
What is SHA-1 and MD-5 encryption?
ASKED: Feb 13 2008  6:53 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
TomLiotta
5055 pts.
0
A:
 RATE THIS ANSWER
-1
Click to Vote:
  •   0
  •  -1
  • AddThis Social Bookmark Button
SHA-1 and MD5 are two different encryption algorithms.

SHA-1 is a two way algorithm meaning that you can take the encrypted value, and decrypt the value to get the original plain text value back. This algorithm provides a good level of security for data, and is a standard algorithm which is used to protect credit card data when it is stored within a database.

MD5 is a one way hashing algorithm meaning that you can not take the hashed (or encrypted value) and decrypt it to get the original plain text value back. This provides an excellent level of security for things like passwords where you do not need the original value. To use an MD5 value you hash the value you want to check to see is encrypted and compare it to the stored hashed values for a match.

============================================================

Neither MD5 nor SHA-1 is an "encryption" algorithm. Both are "hashing" algorithms.

In the simple sense, something that is encrypted can later be decrypted to get the original back.

Something that is properly hashed stays that way; it is a 'fingerprint' of the original pattern that cannot be 'dehashed' to reconstruct the original.

Ideally, there is only a single unique hash value that can be derived from each unique string of characters.

Of course, it's easy to prove that that's not possible when hash values are small -- small as in 160 or 256 or 512 bits. But in practice, because the strings of characters aren't random, because they're patterns of words more than just patterns of letters, the number of likely hash values gets smaller.

The value of unique hashes is that they can be used to verify that the original string hasn't been changed. If I send you a message along with a hash, you can run the message through the hash algorithm to see if the same hash value comes out. If it does, you can feel confident that you're reading exactly what was written.

The passwords for your iSeries are stored in a "one-way" hashed form. When you enter the password for your user profile, it gets hashed and the result is compared to the stored hash value to see if it matches. That's why you can't find any passwords anywhere -- they aren't stored.

But don't confuse it with encryption.

Tom
Last Answered: Nov 6 2009  6:17 AM GMT by TomLiotta   5055 pts.
Latest Contributors: Mrdenny   47070 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Labnuke99   26375 pts.  |   Feb 14 2008  8:17PM GMT

Both are message authentication hash algorithms. This means that they are one-way and you cannot derive the original message from the hash produced by the algorithm.

SHA1 - The US Secure Hash Algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest designed so that it is computationally very expensive to find a text string that matches a given hash.

MD5 - Message Digest 5 is a standard algorithm that takes as input a message of arbitrary length and produces as output a 128-bit fingerprint or message digest of the input. Any modifications made to the message in transit can then be detected by recalculating the digest. Similar in concept to a CRC, the MD5 algorithm is used as part of the SNMPv3 security subsystem

Please also see:
 <a href="http://en.wikipedia.org/wiki/HMAC-SHA1" title="http://en.wikipedia.org/wiki/HMAC-SHA1" target="_blank">http://en.wikipedia.org/wiki/HMAC-SHA1</a>

 
0