New answer as of February 23rd 2017 For more than six years, the SHA1 cryptographic hash function underpinning Internet security has been at death’s door. Now it’s officially dead, thanks to the submission of the first known instance of a fatal exploit known as a “collision.” Previous answer (no longer accurate) There is no known … Read more
SHA512, SHA256, SHA1, and MD5 are vulnerable to a length extension attack. SHA224 and SHA384 are not since reduced output to internal state, SHA3 is also not vulnerable. Having that in mind, SHA512 is a good cryptographic collision-resistant hash function.
An MD5 value is always 22 (useful) characters long in Base64 notation. Many Base64 algorithms will also append 2 characters of padding when encoding an MD5 hash, bringing the total to 24 characters. The padding adds no useful information and can be discarded. Only the first 22 characters matter. Here’s why: An MD5 hash is … Read more
Revisited, August 2014 Prompted by Arnaud Bouchez in a recent comment, and in view of other answers and comments, I acknowledge that the original answer needs to be altered or for the least qualified. I left the original as-is, at the end, for reference. First, and maybe most important, a fair answer to the question … Read more
Yes, otherwise MD5 would be useless for things like file verification. What reason would you have for non deterministic output?
1) To shorten the UUID, you can simply XOR the top half with the bottom (and repeat until it’s short enough for you). This will preserve the distribution characteristics. Like any solution that shortens the output, it will increase the possibility of collision due to the birthday paradox 2) XOR amounts to a trivial hash, … Read more
Yes, not exhibiting any bias is a design requirement for a cryptographic hash. MD5 is broken from a cryptographic point of view however the distribution of the results was never in question. If you still need to be convinced, it’s not a huge undertaking to hash a bunch of files, truncate the output and use … Read more
MD5 is designed to be cryptographically irreversible. In this case, the most important property is that it is computationally unfeasible to find the reverse of a hash, but it is easy to find the hash of any data. For example, let’s think about just operating on numbers (binary files after all, could be interpreted as … Read more
This has very little to do with hash functions. A cryptographic hash function may be part of the implementation, but it’s not required. Actually, it generates the digits on a time-based interval, if I press the button for it to generate the digits, it generates the digits and after about 25 seconds, and I press … Read more
Most uses of SHA-1 are for interoperability: we use SHA-1 when we implement protocols where SHA-1 is mandated. Ease of development also comes into account: SHA-1 implementations in various languages and programming environment are more common than SHA-512 implementations. Also, even so most usages of hash functions do not have performance issues (at least, no … Read more