LinuxQuestions.org


DeepSeaNautilus 08-09-2008 10:38 AM

Help with MD5 and SHA1 signatures
 
I know what the md5 signature is, how to get it and what it is used for, but what is the difference between sha1 and md5 signatures? Which one is the best to use? Thanks.

amani 08-09-2008 11:43 AM

RTFM for differences. sha1 is better in practice. But there are other sha*

You can always get the md5 signature with md5sum
You can compare it with a correct signature too

#info md5sum
#info sha1sum

win32sux 08-09-2008 02:38 PM

Quote:

Originally Posted by DeepSeaNautilus (Post 3241820)
I know what the md5 signature is, how to get it and what it is used for, but what is the difference between sha1 and md5 signatures? Which one is the best to use? Thanks.

There's tons of papers on both MD5 and SHA-1 all over the Web. Both hash functions have (as one would expect) received lots of attention from cryptanalysts. If you do a bit of research, you will find that both of them have their weaknesses. Generally speaking, MD5 is considered a lot weaker than SHA-1, due to the much smaller amount of computation necessary to find a collision. But why limit yourself to MD5 and SHA-1? You can pick something from the SHA-2 series if you are looking for something which is considered stronger. What are you planning on using the hashes for?

DeepSeaNautilus 08-10-2008 10:03 PM

Integrity Application
 
Quote:

Originally Posted by win32sux (Post 3242001)
There's tons of papers on both MD5 and SHA-1 all over the Web. Both hash functions have (as one would expect) received lots of attention from cryptanalysts. If you do a bit of research, you will find that both of them have their weaknesses. Generally speaking, MD5 is considered a lot weaker than SHA-1, due to the much smaller amount of computation necessary to find a collision. But why limit yourself to MD5 and SHA-1? You can pick something from the SHA-2 series if you are looking for something which is considered stronger. What are you planning on using the hashes for?

Well, my girlfriend has to make an application to check the integrity of several unix filesystems and she asked me for help. The parameters of the analysis are based on md5, sha1 signatures and the inode and size of the files. But it's really interesting and especially useful to know there's something stronger than md5 and sha1. Thanks :D

win32sux 08-11-2008 01:02 PM

Quote:

Originally Posted by DeepSeaNautilus (Post 3243098)
Well, my girlfriend has to make an application to check the integrity of several unix filesystems and she asked me for help. The parameters of the analysis are based on md5, sha1 signatures and the inode and size of the files. But it's really interesting and especially useful to know there's something stronger than md5 and sha1. Thanks :D

No problem, happy to help. BTW, keep in mind that using both is way better than using just one. In fact, the more hash functions you run your files through, the lesser the chance of a collision being found which would trick your integrity checker. For example, if probability of collision in foo is 0.000001 and probability of collision in bar is 0.000000001, then probability of a collision affecting them both should be 0.000000000000001 (the product of both probabilities). By using three or more different hashes the odds get even better. Tell your girlfriend to look at the source code for Tripwire and/or AIDE to get an idea of good hashes to use for this application, as well as other characteristics she can look for aside from inodes and file sizes.

chort 08-11-2008 02:33 PM

For instance, TLSv1 uses both MD5 and SHA1 (XOR'd, IIRC) to give it some future-proofing in case one of those algorithms is broken.

DeepSeaNautilus 08-11-2008 09:51 PM

Attributes
 
Quote:

Originally Posted by win32sux (Post 3243823)
No problem, happy to help. BTW, keep in mind that using both is way better than using just one. In fact, the more hash functions you run your files through, the lesser the chance of a collision being found which would trick your integrity checker. For example, if probability of collision in foo is 0.000001 and probability of collision in bar is 0.000000001, then probability of a collision affecting them both should be 0.000000000000001 (the product of both probabilities). By using three or more different hashes the odds get even better. Tell your girlfriend to look at the source code for Tripwire and/or AIDE to get an idea of good hashes to use for this application, as well as other characteristics she can look for aside from inodes and file sizes.

Thanks, I told my girl to look at Tripwire and AIDE commands. :D
I have made several scripts to solve the problem I commented on before. One of them is called atributes and it's called like this:
atributes file
It gives the following output:
md5 signature:sha1 signature:inode:size:file
This way I can check both md5 and sha1 signatures as you suggested. I can later on add other more advanced signatures as fields to perform a better integrity validation.
Thanks again :)
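
A sketch of the `md5:sha1:inode:size:file` record described in the post above, as an added example that is not the poster's script: it adds a SHA-256 field (from the SHA-2 series mentioned earlier in the thread) and compares a file against its stored baseline record. The function names, the extra field and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

FIELDS = ("md5", "sha1", "sha256", "inode", "size")

def attributes(path):
    """Build one record: md5:sha1:sha256:inode:size:file."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        # Read once, feed every hash, so large files are not read three times.
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers:
                h.update(chunk)
    st = os.stat(path)
    values = [h.hexdigest() for h in hashers] + [str(st.st_ino), str(st.st_size)]
    return ":".join(values + [path])

def parse(record):
    # The file name is the last field and may itself contain ':',
    # so split only on the first len(FIELDS) separators.
    parts = record.split(":", len(FIELDS))
    return parts[-1], dict(zip(FIELDS, parts))

def verify(baseline_record):
    """Return the fields that differ from the baseline (['missing'] if gone)."""
    path, old = parse(baseline_record)
    if not os.path.exists(path):
        return ["missing"]
    _, new = parse(attributes(path))
    return [name for name in FIELDS if old[name] != new[name]]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd:sample")  # constructed file, ':' in its name
        with open(path, "wb") as fh:
            fh.write(b"root:x:0:0:root:/root:/bin/sh\n")
        baseline = attributes(path)
        clean = verify(baseline)
        with open(path, "r+b") as fh:  # same-length overwrite: inode and size stay
            fh.write(b"toor")
        tampered = verify(baseline)
        os.remove(path)
        return clean, tampered, verify(baseline)

if __name__ == "__main__":
    print(demo())
```

In the constructed demo the in-place edit leaves inode and size unchanged, so only the hash fields report the change.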


All times are GMT -5.