Hash algorithms have been gaining intense attention in the cryptography and information security community due to a number of attacks that have been discovered on these algorithms in recent years.
In January 2009, commercial certificate authorities (CAs) were forced to stop issuing MD5-based certificates due to these attacks. Be cautious when deploying hash algorithms.
MD2 and MD4
While support for MD2 and MD4 algorithms is provided, you should avoid using them.
A collision of MD2 can be found with 216 computational time, which reduces the strength of any signature scheme that MD2 is used in. As well, a 73-bit level preimage attack is known, which reduces the secrecy of messages that are hashed using MD2.
It has been shown that collisions on MD4 can be calculated by hand.
Use of MD2 and MD4 should be limited to handling legacy certificates, and these certificates should be replaced with SHA-1- or SHA-2-based certificates as soon as possible.
MD5 and SHA-1
MD5 and SHA-1 are widely deployed, but it's strongly recommended that you do not use either of these algorithms. You should plan to migrate to SHA-2 algorithms (or stronger) where possible.
The National Institute of Standards and Technology (NIST) recommends that SHA-1 should not be used for hashing after the end of 2010 for government applications. Forgery of MD5-based certificates using collision attacks is known. These attacks are practical attacks, and MD5-based certificates should be replaced as soon as possible. Commercial CAs have stopped issuing MD5-based certificates and are providing services to replace these certificates with SHA-1–based certificates.
The preferred choices for hash algorithms are SHA-2 algorithms, consisting of SHA-224, SHA-256, SHA-384, and SHA-512. Use these algorithms wherever possible.
Last modified: 2015-07-24