## How are hash functions like MD5 unique?

You’re correct that it cannot guarantee uniqueness, however there are approximately 3.402823669209387e+38 different values in a 32 digit hex value (16^32). That means that, assuming the math behind the algorithm gives a good distribution, your odds are phenomenally small that there will be a duplicate. You do have to keep in mind that it IS … Read more

## When is CRC more appropriate to use than MD5/SHA1?

CRC works fine for detecting random errors in data that might occur, for example, from network interference, line noise, distortion, etc. CRC is computationally much less complex than MD5 or SHA1. Using a hash function like MD5 is probably overkill for random error detection. However, using CRC for any kind of security check would be … Read more

## Is calculating an MD5 hash less CPU intensive than SHA family functions?

Yes, MD5 is somewhat less CPU-intensive. On my Intel x86 (Core2 Quad Q6600, 2.4 GHz, using one core), I get this in 32-bit mode: MD5 411 SHA-1 218 SHA-256 118 SHA-512 46 and this in 64-bit mode: MD5 407 SHA-1 312 SHA-256 148 SHA-512 189 Figures are in megabytes per second, for a “long” message … Read more

## How come MD5 hash values are not reversible?

The input material can be an infinite length, where the output is always 128 bits long. This means that an infinite number of input strings will generate the same output. If you pick a random number and divide it by 2 but only write down the remainder, you’ll get either a 0 or 1 — … Read more

## Is it possible to decrypt MD5 hashes?

No. MD5 is not encryption (though it may be used as part of some encryption algorithms), it is a one way hash function. Much of the original data is actually “lost” as part of the transformation. Think about this: An MD5 is always 128 bits long. That means that there are 2128 possible MD5 hashes. … Read more

## Is there an MD5 Fixed Point where md5(x) == x?

Since an MD5 sum is 128 bits long, any fixed point would necessarily also have to be 128 bits long. Assuming that the MD5 sum of any string is uniformly distributed over all possible sums, then the probability that any given 128-bit string is a fixed point is 1/2128. Thus, the probability that no 128-bit … Read more

CPasswordHelper works like PHP’s functions password_hash() and password_verify(), they are wrappers around the crypt() function. When you generate a BCrypt hash, you will get a string of 60 characters, containing the salt. // Hash a new password for storing in the database. \$hashToStoreInDb = password_hash(\$password, PASSWORD_BCRYPT); The variable \$hashToStoreInDb will now contain a hash-value like … Read more

## Are there any SHA-256 javascript implementations that are generally considered trustworthy? [closed]

OUTDATED: Many modern browsers now have first-class support for crypto operations. See Vitaly Zdanevich’s answer below. The Stanford JS Crypto Library contains an implementation of SHA-256. While crypto in JS isn’t really as well-vetted an endeavor as other implementation platforms, this one is at least partially developed by, and to a certain extent sponsored by, … Read more

## Probability of SHA1 collisions

Are the 160 bit hash values generated by SHA-1 large enough to ensure the fingerprint of every block is unique? Assuming random hash values with a uniform distribution, a collection of n different data blocks and a hash function that generates b bits, the probability p that there will be one or more collisions is … Read more

## Is it safe to ignore the possibility of SHA collisions in practice?

The usual answer goes thus: what is the probability that a rogue asteroid crashes on Earth within the next second, obliterating civilization-as-we-know-it, and killing off a few billion people? It can be argued that any unlucky event with a probability lower than that is not actually very important. If we have a “perfect” hash function … Read more