Message-Digest Algorithm 5 (MD5) is a cryptographic hash function that maps a message of any length to a fixed 128-bit hash value; the same input always produces the same hash. MD5 was widely used for applications such as verifying downloaded files or storing passwords, but it is now considered broken for security purposes.
What is MD5?
The abbreviation MD5 stands for Message-Digest Algorithm 5, a cryptographic hash function that computes a 128-bit hash value from any message or string of characters. Unlike encryption, hashing is not reversible: the function is designed so that the original character string cannot be recovered from the hash value.
MD5 was developed by Ronald L. Rivest at the Massachusetts Institute of Technology in 1991 as the successor to MD4, which had been found to be weak; the algorithm is specified in RFC 1321 (1992). Typical applications of the Message Digest Algorithm 5 have been checking downloaded files and storing passwords. Today, MD5 is no longer considered sufficiently secure. Several attacks are known, most importantly collision attacks, which make it possible to generate two different inputs with the same MD5 hash value at little computational cost.
Basic requirements for the MD5 hash function
As with every cryptographic hash function, several requirements apply to MD5. The same input must always produce the same hash value (determinism). It must be infeasible to determine an input from a given hash value (preimage resistance). It must be infeasible to find two different inputs that produce the same hash value (collision resistance). MD5 no longer meets all of these requirements: it is known that different strings can be made to produce the same hash value, which is referred to as a collision. The security of applications built on MD5, such as digital signatures or authentication, depends directly on these requirements being met.
The underlying algorithm of the MD5 hash function
The Message Digest Algorithm 5 follows the so-called Merkle-Damgård construction. The input message (not the output) is padded with a single one bit followed by zero bits until its length is 64 bits short of a multiple of 512, and the length of the original message is appended as a 64-bit value. The padded message is then processed in 512-bit blocks by a compression function that updates a 128-bit internal state. For each block, 64 steps (four rounds of 16) are run, consisting of bitwise Boolean functions, modular additions and bit rotations. After the last block has been processed, the 128-bit state is the hash value.
Application of MD5
MD5 hash values are used for various applications. A common one is checking the integrity of a downloaded file, in order to detect transmission errors in the network. For this purpose, an MD5 checksum is calculated from the source file and published alongside it. The receiver calculates a checksum from the received file and compares it with the published one. If both MD5 hash values are equal, the transfer was successful and the file has not been corrupted in transit. This method does not protect against deliberate manipulation: an attacker who can alter the file in transit, for example in a man-in-the-middle position, can simply recalculate the MD5 value of the modified file and replace the published checksum as well, unless the checksum is obtained over a separately authenticated channel.
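The verification described above, as an added example (not code from the original article): it parses a checksum list in the line format written by the md5sum tool, hashes the download in chunks so large files never have to be held in memory at once, and compares digests in constant time. The file contents, file name and checksum list are constructed samples; the function names are chosen here. The last function demonstrates the man-in-the-middle caveat: if the attacker can replace both the file and the checksum list, the check passes.

```python
import hashlib
import hmac

# Constructed sample standing in for a downloaded archive and the publisher's checksum list.
FILENAME = "example-tool-1.0.tar.gz"
ORIGINAL = b"example-tool-1.0.tar.gz contents (constructed sample, not a real archive)\n"
TAMPERED = ORIGINAL.replace(b"contents", b"CONTENTS")  # one byte differs from the original
# Same line format as the output of `md5sum`: "<hex digest>  <filename>"
CHECKSUM_LIST = hashlib.md5(ORIGINAL).hexdigest() + "  " + FILENAME + "\n"


def parse_checksum_list(text: str) -> dict:
    """Parse md5sum-style lines into {filename: hex digest}.
    Blank lines and '#' comments are skipped; a leading '*' on the name marks binary mode."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: ignore rather than guess
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected


def md5_of_chunks(chunks) -> str:
    """Feed the data to MD5 piece by piece, as one would when reading a file from disk."""
    h = hashlib.md5()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify(name: str, data: bytes, checksum_text: str) -> bool:
    """Return True only if a digest for `name` is listed and matches the data."""
    expected = parse_checksum_list(checksum_text).get(name)
    if expected is None:
        return False
    actual = md5_of_chunks(data[i:i + 4096] for i in range(0, len(data), 4096))
    # compare_digest does not leak, via timing, how many leading characters matched
    return hmac.compare_digest(actual, expected)


def attacker_recomputed_list(modified_data: bytes) -> str:
    """What a man-in-the-middle does: recompute the checksum for the altered file.
    The receiver's check then succeeds, so MD5 alone proves nothing about authenticity."""
    return hashlib.md5(modified_data).hexdigest() + "  " + FILENAME + "\n"


if __name__ == "__main__":
    print("genuine file, genuine list:", verify(FILENAME, ORIGINAL, CHECKSUM_LIST))
    print("tampered file, genuine list:", verify(FILENAME, TAMPERED, CHECKSUM_LIST))
    print("tampered file, attacker's list:", verify(FILENAME, TAMPERED, attacker_recomputed_list(TAMPERED)))
```

Only the third line of the demonstration carries the security lesson: a checksum downloaded from the same untrusted path as the file adds nothing against an active attacker. Publishing the checksum over a separate trusted channel, or signing it, is what makes the comparison meaningful.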
Another, historically very common area of application is the storage of passwords. They are not stored in plain text, but as MD5 hash values, so that someone with access to the data store does not directly learn the stored passwords. Since the hash function cannot be inverted, the original password cannot be read back from the hash. Whether an entered password is correct is determined by a simple comparison between the hash value calculated from it and the hash value stored on the system. Plain, unsalted MD5 is no longer considered adequate for this purpose, as the security aspects below explain. Other applications of Message-Digest Algorithm 5 include:
- Generation of random numbers
- Generation of passwords
- Derivation of keys
- Digital signing
Security aspects of the Message-Digest Algorithm 5
MD5 is no longer considered sufficiently secure. Weaknesses in the algorithm have been known since the mid-1990s, and since 2004 practical collision attacks have been published: a pair of different inputs with the same MD5 hash value can be generated on an ordinary PC within seconds. Finding an input for a given hash value (a preimage) remains far harder, but because collisions are enough to break digital signatures and certificates, MD5 should no longer be used for any cryptographic application.
Another attack method against MD5 password hashes are so-called rainbow tables. They contain character strings and the associated MD5 hash values in a compressed form. By simply looking up a hash value to be cracked in the table, it may be possible to find a matching string without any further hashing. This works because MD5 is very fast to compute and because such tables only apply to unsalted hashes: a random per-user salt makes every stored hash unique, so no precomputed table covers it. Very large rainbow tables for MD5 circulate on the Internet and can be used for attacks.
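The following added example (not part of the original article) ties the password-storage application above to the rainbow-table attack just described. It builds a small precomputed hash-to-plaintext table over a constructed wordlist, cracks an unsalted MD5 password hash with one dictionary lookup, and then shows the hardened scheme a practitioner would use instead: a random per-user salt and a deliberately slow key derivation function (PBKDF2-HMAC-SHA256 from the standard library, with the iteration count OWASP recommends at the time of writing). The wordlist, storage format and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for the multi-gigabyte tables mentioned above.
WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon", "summer2019"]


def md5_password_hash(password: str) -> str:
    """The weak scheme: unsalted, single-iteration MD5, as described in the text."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext once. A rainbow table is a space-optimised form of
    this idea; the attack step is the same: look the stolen hash up, compute nothing."""
    return {md5_password_hash(w): w for w in words}


def crack_unsalted(stored_hash: str, table: dict):
    """Return the plaintext if the unsalted hash is in the table, else None."""
    return table.get(stored_hash)


# Hardened scheme: per-user random salt plus a slow KDF. The salt defeats precomputed
# tables (the attacker would need one table per salt value); the iteration count makes
# each guess expensive. 600,000 is the OWASP recommendation for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hardened_hash(password: str, salt: bytes = None) -> str:
    """Store algorithm, iteration count, salt and derived key together, so all
    parameters needed for verification travel with the record."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_hardened(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = md5_password_hash("letmein")          # an unsalted hash from a breached database
    print("unsalted MD5 cracked to:", crack_unsalted(leaked, table))
    record = hardened_hash("letmein")
    print("hardened record:", record)
    print("same password, new salt differs:", hardened_hash("letmein") != record)
    print("verification:", verify_hardened("letmein", record), verify_hardened("letmeout", record))
```

Two users with the same password get different records under the hardened scheme, which is exactly what makes a shared precomputed table useless. Dedicated password hashes such as bcrypt, scrypt or Argon2 serve the same purpose and are preferable where a library for them is available; PBKDF2 is used here only because it ships with the standard library.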
After the first practical collision attack on SHA-1 was demonstrated at the beginning of 2017, SHA-256 (from the SHA-2 family) and SHA-3 remain the recommended secure alternatives to MD5 (as of March 2019). For storing passwords, a dedicated slow, salted key derivation function should be used rather than any plain hash function.