MD5, SHA-1, SHA-2, Ripemd, Whirlpool, and Other Hash/Digest Calculation

Bitsum seeks to assist the community whenever possible, and thus offers services like this on its server. Its core mission is software development though.

This will compute and display the result of MD5, SHA-1, SHA-2, Ripemd, Whirlpool, and other message digests.


Plaintext


MD5, SHA1, SHA2, Ripemd, Whirlpool, and Other Calculator

The result of an MD5 calculation is known as a digest, hence MD5 = Message Digest 5. The digest is a very long number that has a statistically high enough probability of being unique that it is considered irreversible and collisionless (no two data sets result in the same digest). This is unlike CRC, an algorithm that produces a smaller output of (most often) 32-bits and has a much higher probability of collision. CRC and Checksums are usually refered to as 'hashes', where as more cryptographically secure algorithms are referred to as message digests. Note that the terms 'hash' and 'digest' are not always differentiated like this, but I prefer to differentiate them in this way. That's just my preference. In practice, you can use whichever term you want, just make sure you pick the right algorithm.

Why is it called a 'digest'? Well, think about the 'message' (the plaintext) being 'digested' through an algorithm.

SHA1 is the most common alternative to MD5, doing pretty much the same thing, but with a different algorithm base. The output here will show you MD5, SHA-1 (Secure Hash Algorithm), and SHA-2 digests.

WARNING: MD5 and SHA1 both have been shown to have problems with collisions, making them crytographically insecure in theory (though still pretty darn secure in practice). See Wikipedia on MD5 for more information. For this reason, SHA1 may be preferred because its theoretical concerns are not yet as problematic as MD5's proven effective attacks. SHA2, Whirlpool-T, or another is currently the best choice, with SHA3 under development.

Example Use: When passwords and other content is stored on the internet, it is desired to store only the digest of the password, not the password itself. When the user re-authenticates, the digest is computed and compared. If an attacker were to compromise the database, he or she would have no way to discern the original password based on the hash - unless you used a common word, or a character combination recorded in popular rainbow tables. These are pre-computed digests that hackers can search through. That is why it is recommended you not use a word in the dictory as your password. Rainbow tables only grow in time. Many sites therefore salt their hashes with custom obfuscators. Even then, the salting is often revealed during an attack.