Simple-O, an automated essay grading application was developed at the Department of Electrical Engineering University of Indonesia. This application used MD5 + salt algorithm to perform protection for authentication password of users stored in its database. Unfortunately, due to a number of flaws contained in the MD5 algorithm, SHA-1 + salt algorithm was implemented in this application and then the comparison was carried out between those two algorithms. The experiments include time measurements and estimation of brute force attack for each algorithm. Processing time and CPU usage were also measured. In the brute force hash code scenario, it was tried to find plaintext from the chipertext. In this scenario, both MD5 and SHA-1 was implemented and tested using Hashcat tool. The better the algorithm, the more time needed to brute force the chipertext. In this scenario the password tested has 8 to 10 characters. The result from this testing shows that the implementation of SHA-1 algorithm is more robust against brute force attacks than MD5. The difference in processing time between SHA-1 + salt and MD5 + salt ranged from 0.001 seconds to 0.002 seconds for each length variation of the password from 8 to 10 character. While the difference in CPU usage is 0.545%, 0.985%, and 1.69% respectively for the password with 8, 9, and 10 characters length. These results indicate that while giving better security the implementation of the algorithm SHA-1 + salt does not impose on the performance of Simple-O application.