MD5 is an older standard.  I don't remember what it stands for.  It is 
still widely used for signing things like software downloads (look for 
it where you download Linux CDs or on Sourceforge).  It is not secure 
the same way the lock on my door isn't secure -- it's defeatable, but 
it's a good deterrent.  IMHO, secure enough for pretty much every 
application you're likely to come across.

SHA stands for "secure hash algorithm".  It was intended to be a secure 
replacement for MD5 and other hash algorithms.  Flaws have been found 
since, but it is still more secure than MD5.  The multiple string 
lengths allow for increasing levels of security.

MD5 is, of course, really useful for portability and information 
exchange.  I used it as a tool for verifying downloads on an app I wrote 
last year.  SHA is what I would use for hashing passwords.  I'd probably 
use the shortest version, since longer hashes require more processing 
time, and in most things I write, such high-level security isn't that 
important.

--Ben Doom

Robert Rawlins - Think Blue wrote:
> Hello Guys,
>
> For a while I've been wondering about the HASH() function and the different
> algorithms available on it. The cfdocs list the following:
>
> * CFMX_COMPAT: Generates a hash string identical to that generated
>   by ColdFusion MX and ColdFusion MX 6.1 (default).
>
> * MD5: (Default) Generates a 32-character, hexadecimal string, using
>   the MD5 algorithm (The algorithm used in ColdFusion MX and prior releases).
>
> * SHA: Generates a 28-character string using the Secure Hash
>   Standard SHA-1 algorithm specified by National Institute of Standards and
>   Technology (NIST) FIPS-180-2.
>
> * SHA-256: Generates a 44-character string using the SHA-256
>   algorithm specified by FIPS-180-2.
>
> * SHA-384: Generates a 64-character string using the SHA-384
>   algorithm specified by FIPS-180-2.
>
> * SHA-512: Generates an 88-character string using the SHA-1
>   algorithm specified by FIPS-180-2.
>
> Presumably they become more complex, and therefore more secure, from top to
> bottom, so why would you not specify the SHA-512 on all hash encryption you
> do? I know that hash is generally regarded as a one-way encryption, so why do
> they do different levels?
>
> I'd be interested to hear if anyone knows much about this stuff,
>
> Rob
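
Added example, not part of the original thread and not ColdFusion code: the Python below computes each listed algorithm's digest size and its length as hex and as Base64 text, and checks a download against a published digest in either encoding. It shows that the 28, 44, 64 and 88 character lengths quoted above equal the Base64 lengths of 20, 32, 48 and 64 byte digests, while 32 characters is the hex length of a 16 byte MD5 digest. The names `ALGORITHMS`, `encoded_lengths` and `verify_digest` and the sample data are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

# Algorithm names as they appear in the quoted list, mapped to hashlib names.
ALGORITHMS = {"MD5": "md5", "SHA": "sha1", "SHA-256": "sha256",
              "SHA-384": "sha384", "SHA-512": "sha512"}


def encoded_lengths(name):
    """Return (digest_bytes, hex_chars, base64_chars) for one algorithm."""
    size = hashlib.new(ALGORITHMS[name]).digest_size
    raw = bytes(size)  # encoded length depends only on the size, not the content
    return size, len(raw.hex()), len(base64.b64encode(raw))


def verify_digest(data, expected, name):
    """Check data against a published digest given as hex or Base64 text."""
    digest = hashlib.new(ALGORITHMS[name], data).digest()
    _, hex_len, b64_len = encoded_lengths(name)
    expected = expected.strip()
    try:
        if len(expected) == hex_len:
            published = bytes.fromhex(expected)
        elif len(expected) == b64_len:
            published = base64.b64decode(expected, validate=True)
        else:
            return False  # wrong length for this algorithm in either encoding
    except ValueError:
        return False  # right length, but not valid hex or Base64
    # Constant-time comparison of the raw digest bytes.
    return hmac.compare_digest(digest, published)


if __name__ == "__main__":
    for algorithm in ALGORITHMS:
        print(algorithm, encoded_lengths(algorithm))
    sample = b"constructed sample download contents"  # constructed test data
    published_hex = hashlib.sha256(sample).hexdigest()
    print(verify_digest(sample, published_hex, "SHA-256"))         # intact file
    print(verify_digest(sample + b"!", published_hex, "SHA-256"))  # altered file
```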

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272035