Re: Randomness of MD5 vs. SHA1

On Jan 26, 10:58 am, bmearns <mearn...@xxxxxxxxx> wrote:
> On Jan 26, 10:55 am, Tom St Denis <t...@xxxxxxx> wrote:
> > On Jan 26, 10:53 am, bmearns <mearn...@xxxxxxxxx> wrote:
> > > Ideally, the output of a cryptographically secure hash function should
> > > be uniformly distributed, right? With regards to this property only,
> > > is there any known difference between MD5 and SHA1?
> > >
> > > Specifically, I'm feeding relatively short strings of 7-bit ASCII text
> > > into the hash, and using the output as a password. Will one of these
> > > algorithms produce a stronger bias in the output than the other?
> > >
> > > Note, this isn't an authentication scheme in itself, I'm not concerned
> > > directly about collisions. For instance, I don't care if somebody can
> > > find another plaintext that will produce the same digest: it's the
> > > digest itself that is the secret. So I'm only concerned if one of the
> > > functions will add a significant bias to this secret.
> >
> > Nobody knows for sure.  They're both believed to be respectable PRFs
> > in their own rights.
> >
> > MD5 is computationally cheaper than SHA-1 if that helps.
>
> Thanks a lot for the prompt response, Tom.
>
> I get the point, but what specifically does PRF mean?

Sorry, I will google before I ask. PRF is a pseudorandom function.
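The question in the thread (is the output of MD5 or SHA1 measurably less uniform when fed short ASCII strings?) is easy to probe empirically, so here is an added example; it is not code posted by either participant. It uses Python's standard `hashlib` and two constructed input sets: every 3-letter lowercase string as a stand-in for "short 7-bit ASCII text", and every 4-digit PIN as a deliberately low-entropy input. The first two checks measure per-bit bias and a byte-value chi-square for each hash; they can expose a gross bias but cannot prove uniformity. The third check makes the point a practitioner cares about more than bias: a hash never adds entropy, so a digest used as a password is exactly as guessable as the string it was derived from, whichever of the two functions is chosen.

```python
import hashlib
import itertools
import string

# Constructed sample inputs (not from the thread): every 3-letter lowercase
# string, standing in for "relatively short strings of 7-bit ASCII text".
THREE_LETTER_WORDS = ["".join(t) for t in itertools.product(string.ascii_lowercase, repeat=3)]
# Constructed low-entropy inputs: all 4-digit PINs.
FOUR_DIGIT_PINS = ["%04d" % i for i in range(10000)]


def digests(hash_name, inputs):
    """Yield the raw digest of each input under the named hashlib algorithm."""
    for s in inputs:
        yield hashlib.new(hash_name, s.encode("ascii")).digest()


def max_bit_bias(hash_name, inputs):
    """Largest |P(bit = 1) - 0.5| over all output bit positions.

    For an unbiased function each bit is 1 about half the time, so the
    statistic should stay within a few multiples of sqrt(0.25 / n).
    """
    nbits = hashlib.new(hash_name).digest_size * 8
    ones = [0] * nbits
    n = 0
    for d in digests(hash_name, inputs):
        v = int.from_bytes(d, "big")
        for i in range(nbits):
            ones[i] += (v >> i) & 1
        n += 1
    return max(abs(c / n - 0.5) for c in ones)


def byte_chi_square(hash_name, inputs):
    """Chi-square statistic of output byte values against uniform (255 dof).

    For an unbiased hash the mean is 255 with standard deviation about 22.6,
    so a value far above ~400 would indicate a gross bias.
    """
    counts = [0] * 256
    total = 0
    for d in digests(hash_name, inputs):
        for b in d:
            counts[b] += 1
        total += len(d)
    expected = total / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def count_distinct_digests(hash_name, inputs):
    """How many different digests the input set can produce at all.

    Hashing never adds entropy: a digest derived from a 4-digit PIN has only
    10,000 possible values, however uniform those values look bit by bit.
    """
    return len(set(digests(hash_name, inputs)))


def sigma_units(bias, n):
    """Express a bit bias as multiples of the fair-coin standard deviation."""
    return bias / (0.25 / n) ** 0.5


if __name__ == "__main__":
    n = len(THREE_LETTER_WORDS)
    for name in ("md5", "sha1"):
        bias = max_bit_bias(name, THREE_LETTER_WORDS)
        print("%-4s max bit bias %.4f (%.1f sigma), byte chi-square %.1f"
              % (name, bias, sigma_units(bias, n),
                 byte_chi_square(name, THREE_LETTER_WORDS)))
    print("distinct sha1 digests of all 4-digit PINs:",
          count_distinct_digests("sha1", FOUR_DIGIT_PINS))
```

Run it and both hashes land within a few sigma on every bit and near 255 on the chi-square, which is all "no known bias" amounts to in practice. The last line is the one to act on: `count_distinct_digests` returns 10000 for the PIN set, so a password built this way inherits the input's guessability entirely, and the remedy is more input entropy (or a proper key-derivation step), not a different hash.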