MD5

MD5
General
DesignersRonald Rivest
First publishedApril 1992
SeriesMD2, MD4, MD5, MD6
Cipher detail
Digest sizes128 bit
Block sizes512 bit
StructureMerkle–Damgård construction
Rounds4[1]
Best public cryptanalysis
A 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD5 collision resistance in 218 time. This attack runs in less than a second on a regular computer.[2] MD5 is prone to length extension attacks.

The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4,[3] and was specified in 1992 as RFC 1321.

MD5 can be used as a checksum to verify data integrity against unintentional corruption. Historically it was widely used as a cryptographic hash function; however it has been found to suffer from extensive vulnerabilities. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database, and may be preferred due to lower computational requirements than more recent Secure Hash Algorithms.[4]

  1. ^ Rivest, R. (April 1992). "Step 4. Process Message in 16-Word Blocks". The MD5 Message-Digest Algorithm. IETF. p. 5. sec. 3.4. doi:10.17487/RFC1321. RFC 1321. Retrieved 10 October 2018.
  2. ^ Xie Tao; Fanbao Liu; Dengguo Feng (2013). "Fast Collision Attack on MD5" (PDF). Cryptology ePrint Archive. Archived (PDF) from the original on 2 February 2021. Retrieved 3 December 2013.
  3. ^ Ciampa, Mark (2009). CompTIA Security+ 2008 in depth. Australia; United States: Course Technology/Cengage Learning. p. 290. ISBN 978-1-59863-913-1.
  4. ^ Kleppmann, Martin (2 April 2017). Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems (1 ed.). O'Reilly Media. p. 203. ISBN 978-1449373320.