SHA-1 produces 160bit hashes instead of 128bit hashes (like MD5) which makes it a little more secure.
The main reason for using SHA-1 instead of MD5 was AFAIK that MD5 has one or two known weaknesses which could allow an attacker (the RIAA for example) to corrupt downloads by offering corrupted files with the same MD5 hash as normal files.
SHA-1 is about 50% slower than MD5, but that does not really matter because modern CPU's can hash the data much faster than (at least IDE) drives can read it. And when hashing, it's not the CPU activity but the hard disk activity that makes the computer slow in most cases. |