General | |
---|---|
Designers | Ronald Rivest |
First published | April 1992 |
Series | MD2, MD4, MD5, MD6 |
Cipher detail | |
Digest sizes | 128 bit |
Block sizes | 512 bit |
Structure | Merkle–Damgård construction |
Rounds | 4[1] |
Best public cryptanalysis | |
A 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer.[2] MD5 is prone to length extension attacks. |

The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4,[3] and was specified in 1992 as RFC 1321.

MD5 can be used as a checksum to verify data integrity against unintentional corruption. Historically it was widely used as a cryptographic hash function; however, it has been found to suffer from extensive vulnerabilities. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database, and may be preferred due to lower computational requirements than more recent Secure Hash Algorithms.[4]
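The two non-cryptographic uses named above (partition selection and a checksum against accidental corruption) are sketched below as an added example that is not part of the original article. The function names, the key format and the partition count are assumptions chosen for illustration.

```python
import hashlib
from collections import Counter

def md5_partition(key: str, num_partitions: int) -> int:
    """Map a key to a partition index in [0, num_partitions)."""
    # usedforsecurity=False (Python 3.9+) declares a non-cryptographic use,
    # so the call is still permitted on builds that restrict MD5 (e.g. FIPS mode).
    digest = hashlib.md5(key.encode("utf-8"), usedforsecurity=False).digest()
    # Unlike Python's built-in hash(), which is salted per process for str keys,
    # the MD5 digest is identical on every node and every restart.
    return int.from_bytes(digest[:8], "big") % num_partitions

def partition_histogram(keys, num_partitions):
    """Count how many keys land in each partition."""
    counts = Counter(md5_partition(k, num_partitions) for k in keys)
    return [counts.get(p, 0) for p in range(num_partitions)]

def stream_checksum(chunks) -> str:
    """MD5 checksum over an iterable of byte chunks.

    Detects accidental corruption only. Because MD5 collisions are cheap to
    produce, a matching checksum says nothing about deliberate tampering.
    """
    h = hashlib.md5(usedforsecurity=False)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

if __name__ == "__main__":
    # Constructed sample keys, not taken from any real system.
    keys = [f"user:{i}" for i in range(10_000)]
    print("keys per partition:", partition_histogram(keys, 8))

    original = [b"a", b"bc"]   # the RFC 1321 test string "abc", sent in two chunks
    corrupted = [b"a", b"bd"]  # one byte damaged in transit
    print("original :", stream_checksum(original))
    print("corrupted:", stream_checksum(corrupted))
```

Where the goal is to detect modification by an adversary rather than accidental damage, the same structure applies with a keyed construction such as HMAC over a current hash function in place of bare MD5.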