Comparative Analysis of MD5 and SHA-256 Hash Algorithms for Fingerprint File Integrity Verification

Authors

  • Nurdin Nurdin Universitas Malikussaleh
  • Al Habbal Universitas Malikussaleh
  • Fajriana Fajriana Universitas Malikussaleh

DOI:

https://doi.org/10.30871/jaic.v10i2.12432

Keywords:

Hash Function, Fingerprint Biometric, MD5, SHA-256, Driver License System, File Integrity

Abstract

Fingerprint file integrity verification in driver license systems requires reliable cryptographic hash algorithms. MD5, currently widely deployed, has been deprecated by NIST (2008) due to demonstrated collision vulnerabilities, while SHA-256 offers enhanced security with potentially higher computational overhead. This study comprehensively compares MD5 and SHA-256 performance and security characteristics to provide evidence-based recommendations for biometric data integrity verification. We conducted empirical benchmarking using 1,000 real operational fingerprint files (BMP 8-bit grayscale, 512×512 pixels, 257 KB uniform) from Regional Police Traffic Directorate. Each file underwent 30 repeated trials with warm-up runs. Testing encompassed performance metrics (execution time, CPU usage, memory consumption), security evaluation (avalanche effect on 100 samples, collision detection), and grouping analysis by finger type using ANOVA (α=0.05). SHA-256 exhibited mean execution time of 2.28 ms, 48% slower than MD5's 1.54 ms (p<0.001), with CPU usage of 1.24% versus 0.98%, while memory consumption remained negligible. Avalanche effect approached ideal 50%: MD5 49.98%±4.43%, SHA-256 49.62%±3.21% (superior consistency). Zero collisions detected in 1,000 files. Grouping analysis revealed statistically significant differences between finger types (p<0.05) but with small effect size (η²<0.05) and negligible magnitude (<0.1 ms). For operational systems, SHA-256 is recommended based on acceptable performance overhead (<1 ms per file, 7.4 seconds daily for 10,000 transactions), superior security (no known attacks), regulatory compliance (NIST/ISO), more stable avalanche effect, and future-proofing capability.

Downloads

Download data is not yet available.

References

[1] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of fingerprint recognition, 2nd ed. Springer, 2009.

[2] I. N. Police, “Statistical Report of Driver License Issuance 2024,” Korlantas Polri, Jakarta, 2024.

[3] A. K. Jain, P. Flynn, and A. Ross, Handbook of Biometrics. Boston: Springer, 2008.

[4] N. I. of S. and Technology, “Secure Hash Standard (SHS),” National Institute of Standards and Technology, 2015. doi: 10.6028/NIST.FIPS.180-4.

[5] F. B. of Investigation, “Electronic Biometric Transmission Specification,” CJIS Division, Clarksburg, WV, 2020.

[6] Nurdin, “Comparative Analysis of AES and FHE Encryption Algorithms in Financial Technology Applications,” J. Inf. Secur. Cryptogr., vol. 11, no. 2, pp. 145–159, 2024.

[7] X. Wang, D. Feng, X. Lai, and H. Yu, “Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD,” in Advances in Cryptology - CRYPTO 2004, Springer, 2004, pp. 199–206.

[8] S. R. Prasanna and B. S. Premananda, “Comparative Study of MD5 and SHA-256 for Digital Data Integrity,” Int. J. Cryptogr. Inf. Secur., vol. 11, no. 3, pp. 78–92, 2021.

[9] R. Ngemba, A. S. Pramono, and D. Hartanto, “Implementation of MD5 and SHA-256 for Password Security in Land Certificate Systems,” J. Inf. Technol. Comput. Sci., vol. 8, no. 2, pp. 112–125, 2023.

[10] I. Rahim, M. A. Khan, and S. Ahmed, “Comparative Analysis of MD5 and SHA-256 Hash Functions for Image and Text Security,” J. Comput. Secur., vol. 18, no. 4, pp. 234–248, 2022.

[11] D. Winanda, R. Hidayat, and A. Permana, “Development of Educational GUI Application for Hash Algorithm Comparison,” J. Comput. Sci. Educ., vol. 9, no. 1, pp. 23–37, 2025.

[12] A. Yulianto, B. Santoso, and C. Wijaya, “Performance Analysis of MD5, SHA-256, and Base62 for URL Hashing,” J. Web Eng., vol. 23, no. 4, pp. 401–416, 2024.

[13] S. S. Dhole, M. R. Patil, and V. K. Shah, “Design of Hybrid MD5-SHA-256 Algorithm for Enhanced Data Integrity,” Int. J. Inf. Secur. Priv., vol. 18, no. 2, pp. 178–192, 2024.

[14] A. Gupta, R. Singh, and P. Kumar, “Image Tampering Detection Using Cryptographic Hash Functions,” J. Vis. Commun. Image Represent., vol. 76, p. 103087, 2021.

[15] G. E. P. Box, W. G. Hunter, and J. S. Hunter, Statistics for Experimenters. Hoboken: Wiley, 2005.

[16] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton: CRC Press, 1996.

[17] S. Almuhammadi and O. M. Bawazeer, “Performance-Security Trade-off in Hash Functions for Mobile Devices,” Mob. Networks Appl., vol. 25, no. 4, pp. 1567–1581, 2020.

[18] I. O. for Standardization, “ISO/IEC 10118-3:2018 Hash-functions Part 3: Dedicated hash-functions,” ISO, Geneva, 2018.

[19] C. Technologies, “Technical Specifications: L Patrol Fingerprint Scanner,” CrossMatch Technologies, San Jose, CA, 2021.

[20] P. S. Foundation, “hashlib — Secure hashes and message digests,” 2023. [Online]. Available: https://docs.python.org/3/library/hashlib.html

[21] W. Stallings, Cryptography and Network Security. Boston: Pearson, 2017.

[22] J. Cohen, “A power primer,” Psychol. Bull., vol. 112, no. 1, pp. 155–159, 1992.

[23] D. J. Bernstein and T. Lange, “eBACS: ECRYPT Benchmarking of Cryptographic Systems,” 2024. [Online]. Available: https://bench.cr.yp.to/

[24] M. Stevens, E. Bursztein, P. Karpman, A. Albertini, and Y. Markov, “The first collision for full SHA-1,” in Advances in Cryptology - CRYPTO 2017, Springer, 2017, pp. 570–596.

[25] M. Stevens, A. Lenstra, and B. de Weger, “Chosen-prefix Collisions for MD5 and Applications,” J. Cryptol., vol. 25, no. 1, pp. 97–135, 2012, doi: 10.1007/s00145-011-9097-4.

[26] G. Leurent and T. Peyrin, “From collisions to chosen-prefix collisions application to full SHA-1,” in Advances in Cryptology - EUROCRYPT 2019, Springer, 2019, pp. 527–555.

[27] L. Zhang, Y. Chen, and M. Wang, “Performance evaluation of cryptographic hash functions for biometric applications,” J. Inf. Secur. Appl., vol. 58, p. 102734, 2021.

[28] C. Martinez and K. Chen, “Large-scale hash performance in distributed storage systems,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 8, pp. 2234–2248, 2023.

Downloads

Published

2026-04-16

How to Cite

[1]
N. Nurdin, A. Habbal, and F. Fajriana, “Comparative Analysis of MD5 and SHA-256 Hash Algorithms for Fingerprint File Integrity Verification”, JAIC, vol. 10, no. 2, pp. 1495–1504, Apr. 2026.

Issue

Vol. 10 No. 2 (2026): April 2026 (In Progress)

Section

Articles

License

Copyright (c) 2026 Nurdin Nurdin, Al Habbal , Fajriana Fajriana

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) ) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

Most read articles by the same author(s)

Similar Articles

1 2 3 4 5 > >> 

You may also start an advanced similarity search for this article.