On Sat, Sep 17, 2011 at 6:46 PM, Robert Rohde <rarohde(a)gmail.com> wrote:
Is there a good reason to prefer SHA-1?
Both have weaknesses allowing one to construct a collision (with
considerable effort)
Considerable effort? I can create an MD5 collision in a few minutes
on my home computer. Is there anything even remotely like this for
SHA-1?
MD5 is shorter and in my experience about 25% faster
to compute.
Personally I've tended to view MD5 as more than good enough in offline analyses.
For offline analyses, there's no need to change the online database tables.