通过SHA1散列密码与MD5，SHA1和MD5

Question

散列密码的这些方法中哪一个最安全，最难找到散列冲突？

1. MD5只
2. SHA1只有
3. MD5比SHA1

Answer 1

这些不应被用于密码哈希，他们已经被证明是不安全的：

从维基百科MD5： The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

SHA1来自维基百科：

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use,[3] and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.[4][5][6] Microsoft,[7] Google[8] and Mozilla[9][10][11] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

更安全散列算法存在诸如SHA-2或3，其应该被考虑。