md5 / sha1 - Any real difference?

Folks,

I use md5 hash with some of my cookies and occassionally a hidden form
field - I know the physical data on my network is insecure (unless being
served via https) but I was wondering if there are any advantages to using
md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash
while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The
technical webpage on sha1 is lengthy and for the most part over my head...
and other than today, I've never heard of it before... I was wondering if
anyone could offer any comments on it...

Cheers
randelld

Randell D. wrote:
> md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash
> while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The

Basically there is just less chance of two strings ending up with the same
hash value (a "collision"). The more "collisions" a hash algorithm has the
less useful it becomes.

This
http://groups.google.com/groups?q=md...psi.net&rnum=5
might be of interest.

--
James Sleeman
Gogo:Code http://www.gogo.co.nz/
Email domain : gogo.co.nz see user in from header!

"James Sleeman" <james@seeMessageForDomain.moc> wrote in message
news:M7RKa.1519$9f7.96988@news02.tsnz.net...
> Randell D. wrote:
> > md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash
> > while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The
>
> Basically there is just less chance of two strings ending up with the same
> hash value (a "collision"). The more "collisions" a hash algorithm has
the
> less useful it becomes.
>
> This
>
http://groups.google.com/groups?q=md...psi.net&rnum=5
> might be of interest.
>
> --
> James Sleeman
> Gogo:Code http://www.gogo.co.nz/
> Email domain : gogo.co.nz see user in from header!

Cheers for that...

"Randell D." <you.can.email.me.at.randelld@yahoo.com> wrote in message
news:lHPKa.326872$Vi5.8382725@news1.calgary.shaw.c a...
>
> Folks,
>
> I use md5 hash with some of my cookies and occassionally a hidden form
> field - I know the physical data on my network is insecure (unless being
> served via https) but I was wondering if there are any advantages to using
> md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash
> while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The
> technical webpage on sha1 is lengthy and for the most part over my head...
> and other than today, I've never heard of it before... I was wondering if
> anyone could offer any comments on it...
>
> Cheers
> randelld

First of all the hash length you mention are much to short to offer any
security.
md5 = 128 bit
sha-1 = 160 bit

If you are not working on high-security stuff it makes no real difference
for you but if it's your decision and there is an available sha-1 imple-
mentation for you platform then i see no reason why to use the old
md5 stuff.