|First published||April 1992|
|Series||MD2, MD4, MD5, MD6|
|Digest sizes||128 bit|
|Block sizes||512 bit|
|Best public cryptanalysis|
|A 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD5 collision resistance in 218 time. This attack runs in less than a second on a regular computer. MD5 is prone to length extension attacks.|
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
One basic requirement of any cryptographic hash function is that it should be computationally infeasible to find two distinct messages that hash to the same value. MD5 fails this requirement catastrophically; such collisions can be found in seconds on an ordinary home computer.
The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
- Rivest, R. (April 1992). "Step 4. Process Message in 16-Word Blocks". The MD5 Message-Digest Algorithm. IETF. p. 5. sec. 3.4. doi:10.17487/RFC1321. RFC 1321. Retrieved 10 October 2018.
- Xie Tao; Fanbao Liu & Dengguo Feng (2013). "Fast Collision Attack on MD5" (PDF). Cite journal requires
- Kleppmann, Martin (2 April 2017). Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems (1 ed.). O'Reilly Media. p. 203. ISBN 978-1449373320.
- Ciampa, Mark (2009). CompTIA Security+ 2008 in depth. Australia ; United States: Course Technology/Cengage Learning. p. 290. ISBN 978-1-59863-913-1.
- Chad R, Dougherty (31 December 2008). "Vulnerability Note VU#836068 MD5 vulnerable to collision attacks". Vulnerability notes database. CERT Carnegie Mellon University Software Engineering Institute. Retrieved 3 February 2017.
- Cite error: The named reference
Cimpanu2019was invoked but never defined (see the help page).