I am looking for enhancements of SHA1 when its compared to MD5. But I am not talking about just heap sizes. I am talking about different enhancements than heap size.
Also, I think md5 is faster than sha1. It can be a difference between them.
Are there any improvement sha1 and md5?
Cryptographic hash functions are objects which try to fulfil some properties (namely, resistance to collisions, preimages and second preimages). An algorithm which fails at offering these properties is said to be "broken" and, by definition, should not be used in protocols where the unfulfilled properties are needed.
MD5 is broken (for collisions). SHA-1 is not (at least, not as much). If your protocol requires resistance to collisions, then don't use MD5. E.g. some researchers have managed to make fake certificates by using MD5 lack of resistance against collisions.
Right now, SHA-1 is "slightly weakened" with regards to collisions, but not sufficiently so that producing an actual collision has been done. It would take a substantial amount of time and computers (months, thousands), hence quite some money. A contrario, MD5 collisions can be generated in less than one second on a basic PC.
SHA-1 is slightly slower than MD5 when processing bulk data, which does not matter as much as is usually believed. When a basic PC (again) hashes big files, the hashing part is actually three times faster than the reading-from-disk part when using SHA-1. That MD5 is about 40% faster than SHA-1 won't actually matter, since the bottleneck is the disk, not the hashing.
SHA-256 and SHA-512 are the currently recommended general purpose hash functions. They are slower than SHA-1, but still "fast enough" for most purposes. They don't have known weaknesses (even theoretical weaknesses).
