SEC602 Lab 6: Encryption and Hashing

Ans1 Discuss the use of MD5 hashes for software downloads.

MD5 is an algorithm that produces a fixed-length string of characters, used to make sure data is correct after a download. MD5 is not an encryption method, but it is very useful in data transfer.

In the software download example, no matter the size of the program, the MD5 algorithm always gives you a fixed-length value that is 128 bits long. The size of the program does not change the length of the MD5 hash; it is always 128 bits. So, when you need to download a program, the software company will provide you with an MD5 hash. After you complete the download, you run your copy of the program through the MD5 algorithm. If the algorithm gives you an MD5 hash identical to the one provided by the software company, your download is correct: your copy of the software is the same as the one on the internet. However, if you get a different MD5 hash, some problem occurred during the download, and you need to download the software again.
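The download check described above, as an added example that is not part of the original lab answer: it hashes a file in chunks and compares the result with the published MD5 value. The function names and the sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=64 * 1024):
    """Hash a file in chunks so a large download need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex, algorithm="md5"):
    """Return True when the local file's hash equals the published one."""
    expected = published_hex.strip().lower()
    # A published value of the wrong length (e.g. a SHA-1 value pasted as MD5)
    # can never match, so report it as an input error instead of a bad download.
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("published hash has the wrong length for " + algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed sample: a vendor file, a good copy and a damaged copy."""
    original = os.urandom(200_000)                 # stands in for the installer
    published = hashlib.md5(original).hexdigest()  # value on the download page
    damaged = bytearray(original)
    damaged[1234] ^= 0x01                          # one bit changed in transfer
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("good", original), ("damaged", bytes(damaged))):
            path = os.path.join(d, name + ".bin")
            with open(path, "wb") as f:
                f.write(data)
            results[name] = verify_download(path, published)
    return results


if __name__ == "__main__":
    print(demo())
```

The `algorithm` parameter accepts any name `hashlib.new` supports, so the same check works with a published SHA-1 value.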

Ans2 Discuss the difference between MD5 and SHA-1 hashes.

Both MD5 and SHA-1 are hashes for testing the integrity of data being transferred. The main difference is the length of the hashes: MD5 is 128 bits in length, which is 32 characters in hex, and SHA-1 is 160 bits in length. MD5 is faster than SHA-1. In terms of security, MD5 is less secure than SHA-1: against cryptanalytic attacks, MD5 is considered vulnerable but SHA-1 is not.

Another difference between MD5 and SHA-1 is hash collisions. A collision is when two hashes match even though the original messages are different. Producing a collision in MD5 takes less than a minute; on the other hand, the best time to form a collision in SHA-1 is 18 hours.

Ans3 Discuss the use of SHA hashes for digital signatures in SSL certificates.

Digital signatures are used to provide integrity, which means that I can be sure the document I received is the same as the original one. The role of SHA hashes in digital signatures is to hash the document that the sender wants to send out. After hashing the document, the sender encrypts the hash with the sender's private key. In other words, the digital signature is the encrypted hash. The sender then sends the document together with the digital signature to the receiver.

The person who receives the document with the digital signature decrypts the digital signature with the sender's public key to get the hash. The receiver then hashes the document with the same hashing method to get a second hash. Comparing the hash from the digital signature with the one just computed, if the two match, then we know that the digital signature is valid.
