LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Compare MD5, SHA-1, SHA-2, and SHA-3 — which are still considered secure, and which should never be used for passwords?

MD5 and SHA-1 are broken — never use for security. SHA-2 (SHA-256) and SHA-3 are current standards, but for passwords use bcrypt/Argon2, not raw SHA.

The lineup:

Hash Output size Status Use for passwords?
MD5 128 bit Broken (collisions in 2004) NO
SHA-1 160 bit Broken (collisions in 2017) NO
RIPEMD-160 160 bit Stronger than SHA-1, but old Avoid
SHA-2 224-512 bit Current standard OK for general use
SHA-3 224-512 bit Newest, different math basis OK

Why MD5/SHA-1 are still used:

  • File checksums where collision attacks aren't relevant
  • Legacy systems too expensive to migrate
  • Not all uses of a "broken" hash are exploitable — git still uses SHA-1 for commit IDs, and the attack model doesn't fit

The password-specific issue:

Even SHA-256 is too fast for password hashing — a GPU can compute billions per second. For passwords, use:

  • bcrypt — deliberately slow, salted by design
  • Argon2 — modern winner of password-hashing competition
  • scrypt / PBKDF2 — also acceptable

These are intentionally slow (~100ms per hash) so brute force becomes impractical.

Tip: SHAttered (2017) showed the first practical SHA-1 collision — Google generated two PDF files with the same SHA-1 hash. Read: https://shattered.io/.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 14, 2026