Questions tagged [md5]

MD5 is a hash function that is no longer considered secure from a cryptographic point of view. It should therefore only be used where backward compatibility requires it.

MD5 is a cryptographic hash function with a 128-bit output, designed in 1992. Since then, weaknesses in its collision resistance have been discovered which make MD5 unsuitable for almost all use cases.

Furthermore, MD5 is an extremely fast algorithm that can be sped up even more on graphics cards. MD5 is therefore no longer suitable for hashing passwords.

Research papers concerning the weaknesses of MD5:

268 questions
133 votes, 7 answers

Are there two known strings which have the same MD5 hash value?

Is there an example of two known strings which have the same MD5 hash value (representing a so-called "MD5 collision")?
Adban
45 votes, 7 answers

For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash?

When I say similar, I'm referring to the Hamming distance, the Levenshtein distance, or a similar string distance metric that measures how similar or dissimilar two strings are. For instance, are there two plaintext strings with a Levenshtein…
John Ellmore
43 votes, 4 answers

Best way to reduce chance of hash collisions: Multiple hashes, or larger hash?

I would like to maintain a list of unique data blocks (up to 1MiB in size), using the SHA-256 hash of the block as the key in the index. Obviously there is a chance of hash collisions, so what is the best way of reducing that risk? If I also…
Theodor Kleynhans
41 votes, 4 answers

How can hashes be unique if they are limited in number?

I'm curious, how can, for example, SHA-256 be unique if there are only a limited number of them?! For clarification: how many MD5 hashes are there? $16^{32}$ MD5 hashes can be produced. $16^{64}$ SHA-256 hashes can be produced. While there are…
M D P
39 votes, 4 answers

What is the recommended replacement for MD5?

Since MD5 is broken for purposes of security, what hash should I be using now for secure applications?
grieve
34 votes, 2 answers

Is HMAC-MD5 considered secure for authenticating encrypted data?

I've read something to the effect that the HMAC construct is able to lessen the problem of collisions in the underlying hash. Does that mean that something like HMAC-MD5 still might be considered safe for authenticating encrypted data?
Nuoji
32 votes, 1 answer

How is SHA1 different from MD5?

On the surface, SHA1 and MD5 look pretty similar. Their diagrams include chunks of bits, bit rotation, xor and special functions. Their implementations are roughly the same length (at least the ones I've seen). Yet it's widely known that MD5 is…
qwr
30 votes, 8 answers

Is there really no use for MD5 anymore?

I read an article about password schemes that makes two seemingly conflicting claims: MD5 is broken; it’s too slow to use as a general purpose hash; etc. The problem is that MD5 is fast. I know that MD5 should not be used for password hashing, and…
jornane
29 votes, 1 answer

How are the functions used in cryptographic hash functions chosen?

I'm learning about cryptographic hash functions and I have some questions about the functions used in the compression function. MD5 uses the following functions: $f_{1}(B,C,D)=(B\wedge C)\lor(D\wedge \lnot B)$ $f_{2}(B,C,D)=(B\wedge…
Cartman123
24 votes, 3 answers

Why does the padding in Merkle–Damgård hash functions like MD5 contain the message length?

I understand the need for padding in MD5 and other hash algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512. But why do we append the message length to the padding? I heard it strengthens the hash but how? Please provide an example if possible…
Ibrahim Najjar
19 votes, 1 answer

Could we break MD5 entirely in the future?

Even today, MD5 is (sadly) still heavily used in some applications, even in big tools like ApacheMD5. But even today there are more than enough MD5 hashes which are still not cracked. According to Wikipedia, the strongest attack at time of writing…
Richard R. Matthews
19 votes, 2 answers

What is the MD5 collision with the smallest input values?

I am interested in MD5 collisions for small input messages. The collision examples given at http://www.mscs.dal.ca/~selinger/md5collision/ show two different strings, where only a tiny amount of data has been changed to give the same md5, but it…
Peter
18 votes, 1 answer

How does the attack on MD5 work that allows a file to show its own (full) hash?

I've recently stumbled across this "moment" on Twitter, where there are three files, that show their own MD5 hashes. As an example, this GIF (screen-shotted in the following image), has the hash: f5ca4f935d44b85c431a8bf788c0eaca They obviously…
SEJPM
18 votes, 3 answers

Strength of MD5 in finding duplicate files

Why are there a lot of duplicate file finder applications which are using the MD5 algorithm? What is the strength of MD5 in terms of searching for duplicate files on a hard disk, flash drive or any other storage device?
goldroger
15 votes, 2 answers

How were shift amount constants in MD5 found?

The MD5 specification gives a series of 4 rounds to execute over a 16-word block. Each round has a repeating sequence of 4 shift amounts (s in [abcd k s i]): 7, 12, 17 and 22 for round 1; 5, 9, 14 and 20 for round 2; 4, 11, 16 and 23 for the…
Antoine Catton