Summary

This article compares the speed and security of various hashing algorithms, including SHA-1, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512, and MD5, and provides recommendations on when to use each algorithm.

Abstract

The article begins by discussing the trade-off between security and performance when choosing a hashing algorithm. It then presents a simple performance test that measures the speed of each algorithm. The results show that CRC32 is the fastest algorithm, followed by MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, and SHA3-512. The article then discusses the security of each algorithm, noting that the SHA3 family is generally more secure than the SHA-2 family. The article concludes by providing recommendations on when to use each algorithm based on the desired balance between speed and security.

Opinions

  • The SHA3 family is considered more secure than the SHA-2 family for the same hash length.
  • SHA-0, SHA-1, and MD5 are already broken and should never be used.
  • In most cases, a balance between speed and security is desired, and SHA3-256, SHA3-384, and SHA3-512 are recommended.
  • CRC32 is recommended for cases where security is not a concern, such as identifying changes during file transfer.

Comparison of All Hashing Algorithms

Compare them all in 5 mins with a sample

In the previous post, we went through the SHA-256 algorithm step by step. However, it is not perfect, or at least not as secure as the SHA-3 family.

It may not be the best choice to use in production. Let’s compare it with other hashing algorithms and find out when to use what.

When choosing a hashing algorithm, the trade-off is always between security and performance.

Let’s find out.

Speed

When talking about performance, always measure.

Let’s do a simple one.

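import hashlib
import time
import uuid
import zlib

ROUNDS = 500  # use the same number of iterations for every algorithm


def make_input():
    # A random UUID string repeated 500 times (about 18 KB), encoded as bytes
    return (str(uuid.uuid4()) * 500).encode('utf-8')


def test(hash_func):
    # Note: the timed loop also includes generating the input
    ts = time.perf_counter()
    for _ in range(ROUNDS):
        hash_func(make_input()).hexdigest()
    # perf_counter() returns seconds, so the elapsed time is in seconds
    print(f'{hash_func} took  {time.perf_counter()-ts} s.')


def crc():
    ts = time.perf_counter()
    for _ in range(ROUNDS):
        hex(zlib.crc32(make_input()))
    print(f'crc32 took {time.perf_counter()-ts} s.')


algos = [hashlib.sha1, hashlib.sha256, hashlib.sha384, hashlib.sha512,
         hashlib.sha3_256, hashlib.sha3_384, hashlib.sha3_512, hashlib.md5]
for a in algos:
    test(a)
crc()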


<built-in function openssl_sha1> took  0.019008159637451172 ms.
<built-in function openssl_sha256> took  0.035021066665649414 ms.
<built-in function openssl_sha384> took  0.026027441024780273 ms.
<built-in function openssl_sha512> took  0.030031681060791016 ms.
<built-in function openssl_sha3_256> took  0.0420684814453125 ms.
<built-in function openssl_sha3_384> took  0.05405235290527344 ms.
<built-in function openssl_sha3_512> took  0.07307291030883789 ms.
<built-in function openssl_md5> took  0.024039030075073242 ms.
crc32 took 0.0010042190551757812 ms.

Time taken, from slowest to fastest: sha3_512 > sha3_384 > sha3_256 > sha256 > sha512 > sha384 > md5 > crc32

In terms of speed, the winner is crc32.

Security

The SHA-3 family is generally more secure.

  1. SHA-3 beats SHA-2. SHA-3 is considered more secure than SHA-2 for the same hash length. For example, SHA3-256 provides more cryptographic strength than SHA-256 for the same hash length (256 bits). The SHA-3 functions are members of the “Keccak” family of hashes, which are based on the cryptographic concept of “sponge construction”. (If you are interested, please drop a comment, and let’s talk about it in the next post.)
  2. SHA-0, SHA-1, and MD5 are already broken. Never use them!

Conclusion

  • If you only want a hash function to identify changes, for example during file transfer, and do not care about security, go for crc32.
  • In most cases, we need to balance speed with security. Consider sha3_256, sha3_384, or sha3_512. As security increases, speed decreases.
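What "do not care about security" means for crc32 in the first bullet, as an added example that is not part of the original post: a 32-bit checksum repeats after only tens of thousands of distinct inputs, while sha3_256 still tells the two inputs apart. The helper names and the sample inputs (32 pseudo-random bytes derived from a counter) are constructed for this illustration.

```python
import hashlib
import zlib


def sample(i: int) -> bytes:
    """Constructed sample input: 32 pseudo-random bytes derived from a counter."""
    return hashlib.sha256(str(i).encode("utf-8")).digest()


def first_crc32_collision(limit: int = 2_000_000):
    """Return (a, b, tries): two different inputs that share one CRC32 value.

    CRC32 has only 2**32 possible outputs, so by the birthday bound a repeat
    is expected after roughly 2**16 inputs (tens of thousands), not 2**32.
    """
    seen = {}  # crc32 value -> first input that produced it
    for i in range(limit):
        data = sample(i)
        crc = zlib.crc32(data)
        other = seen.get(crc)
        if other is not None and other != data:
            return other, data, i + 1
        seen[crc] = data
    return None  # no repeat within the limit


def report():
    """Compare both checksums for the colliding pair."""
    found = first_crc32_collision()
    if found is None:
        return None
    a, b, tries = found
    return {
        "tries": tries,
        "crc32_a": hex(zlib.crc32(a)),
        "crc32_b": hex(zlib.crc32(b)),
        "sha3_256_a": hashlib.sha3_256(a).hexdigest(),
        "sha3_256_b": hashlib.sha3_256(b).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The two crc32 values printed are identical and the two sha3_256 digests are not, which is why crc32 fits detecting accidental changes only.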

That’s all. Thanks for reading!
