The MD5 hash function is nearly the oldest technology of its type. It was created by private research in 1991 (the dawn of client/server computing as we know it today). The SHA algorithm was designed by the NSA in 1993 as a stronger alternative to MD5. Defined in the FIPS 180 publication that can be found on the NIST website, the SHA algorithms range in strength from 160 bits (SHA-1) to 512 bits (SHA-512).
After a flaw in MD5 was discovered in 1996, the SHA-1 hash algorithm was recommended as an alternative to MD5. That was a long time ago in technology evolution. As you can see, MD5 was not considered the best choice for hashing as far back as the late '90s, and in 2004 MD5 was considered "broken."
This means that nobody should be using it today.
As with all cryptographic technologies, the SHA-1 hash algorithm grew weaker over time as computing power strengthened. It was no longer considered acceptable for use in 2010, according to NIST Special Publication 800-131A. Thus, it too should no longer be used today. As you can see, my software developers are more than one generation outdated in their knowledge of these technologies.
SHA-224, SHA-256, SHA-384, and SHA-512 are acceptable for the foreseeable future. (The number in each SHA algorithm name is the number of bits, which can be thought of as a key length, and key length, as we all know, is critical to the strength of the algorithm.) Today, SHA-256 is considered the best choice for businesses that need to balance cryptographic strength against computing performance. So that's what I told the developers.
As you can see, MD5 is a poor choice for password hashing and has been for many years. The fact that software developers don't know this underscores the lack of security awareness among programmers, and the need for independent security review.