Abstract
Despite their obsolescence and recommendations they are phased out from production environment, MD5 and SHA-1 cryptographic hash functions remain defaults frequently offered in many applications, e.g., database managers. In the article, we present a security overview of both algorithms and demonstrate the necessity to abandon them in favor of more resilient alternatives due to low computational requirements necessary to reverse engineer the message digests, or to future proof security due to advances in hardware performance and scalability. Suitability procedures and their methods of use are part of this article.
Highlights
Sensitive data protection has been in focus of security researchers for a long time
The article provides security overview of two popular but obsoleted hashing algorithms still used in production environment: MD5 and SHA-1
With a 160-bit digest iterated for 80 rounds, it was used for protecting sensitive unclassified information as well as in Internet protocols such as Secure Sockets Layer (SSL) and Secure Shell (SSH) [21]
Summary
Sensitive data protection has been in focus of security researchers for a long time. While extensive academic coverage analyzing existing and proposed cryptographic hash algorithms exists, organizations are slow to adopt them due to inertia, backward compatibility issues, increased hardware requirements, and deployment costs. To detect changes in databases consisting millions of records, various mathematical fingerprinting techniques were devised titled cryptographic hash functions which provide computationally efficient way to generate, store, and manipulate (compare, move, delete) the control strings with marginal time requirements They are used for storing sensitive user data in scrambled form, thereby reducing the attack surface. The article provides security overview of two popular but obsoleted hashing algorithms still used in production environment: MD5 and SHA-1 While they have been proven computationally insecure or incapable to future proof applications as per Moore’s law mentioned above, they are widely deployed as alternatives to comparably more secure schemes for backward compatibility or legacy reasons. Encryption modules included by default in many instances of DBMSs will be considered: MD5 and SHA-1
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
