Questions tagged [md5]

MD5 is a hash function that is no longer considered secure from a cryptographic point of view. Therefore, it should only be used for backward compatibility.

MD5 was a cryptographic hash function that generated a 128-bit output. It was designed in 1992. Since then, weaknesses in its collision resistance have been discovered, which make MD5 unsuitable for almost all use cases.

Furthermore, MD5 is an extremely fast algorithm that can be sped up even more on graphics cards. MD5 is therefore no longer suitable for hashing passwords.

Research papers concerning the weaknesses of MD5:

257 questions
123 votes, 7 answers

Are there two known strings which have the same MD5 hash value?

Is there an example of two known strings which have the same MD5 hash value (representing a so-called "MD5 collision")?
Adban
43 votes, 7 answers

For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash?

When I say similar, I'm referring to the Hamming distance, the Levenshtein distance, or a similar string distance metric that measures how similar or dissimilar two strings are. For instance, are there two plaintext strings with a Levenshtein…
John Ellmore
42 votes, 4 answers

How can hashes be unique if they are limited in number?

I'm curious, how can for example SHA-256 be unique if there are only a limited number of them?! For clarification: how many MD5 hashes are there? $16^{32}$ MD5 hashes can be produced. $16^{64}$ SHA-256 hashes can be produced. while there are…
M D P
42 votes, 4 answers

Best way to reduce chance of hash collisions: Multiple hashes, or larger hash?

I would like to maintain a list of unique data blocks (up to 1MiB in size), using the SHA-256 hash of the block as the key in the index. Obviously there is a chance of hash collisions, so what is the best way of reducing that risk? If I also…
Theodor Kleynhans
37 votes, 4 answers

What is the recommended replacement for MD5?

Since MD5 is broken for purposes of security, what hash should I be using now for secure applications?
grieve
33 votes, 2 answers

Is HMAC-MD5 considered secure for authenticating encrypted data?

I've read something to the effect that the HMAC construct is able to lessen the problem of collisions in the underlying hash. Does that mean that something like HMAC-MD5 still might be considered safe for authenticating encrypted data?
Nuoji
32 votes, 1 answer

How is SHA1 different from MD5?

On the surface, SHA1 and MD5 look pretty similar. Their diagrams include chunks of bits, bit rotation, xor and special functions. Their implementations are roughly the same length (at least the ones I've seen). Yet it's widely known that MD5 is…
qwr
29 votes, 1 answer

How are the functions used in cryptographic hash functions chosen?

I'm learning about cryptographic hash functions and I have some questions about the functions used in the compression function. MD5 uses the following functions: $f_{1}(B,C,D)=(B\wedge C)\lor(D\wedge \lnot B)$ $f_{2}(B,C,D)=(B\wedge…
Cartman123
27 votes, 8 answers

Is there really no use for MD5 anymore?

I read an article about password schemes that makes two seemingly conflicting claims: MD5 is broken; it’s too slow to use as a general purpose hash; etc. The problem is that MD5 is fast. I know that MD5 should not be used for password hashing, and…
jornane
19 votes, 1 answer

Could we break MD5 entirely in the future?

Even today MD5 is (sadly) still heavily used in some applications. Even big tools like ApacheMD5. But even today there are more than enough MD5 hashes which are still not cracked. According to Wikipedia, the strongest attack at time of writing…
Richard R. Matthews
18 votes, 1 answer

How does the attack on MD5 work that allows a file to show its own (full) hash?

I've recently stumbled across this "moment" on Twitter, where there are three files, that show their own MD5 hashes. As an example, this GIF (screen-shotted in the following image), has the hash: f5ca4f935d44b85c431a8bf788c0eaca They obviously…
SEJPM
17 votes, 2 answers

What is the MD5 collision with the smallest input values?

I am interested in MD5 collisions for small input messages. The collision examples given at http://www.mscs.dal.ca/~selinger/md5collision/ show two different strings, where only a tiny amount of data has been changed to give the same md5, but it…
Peter
17 votes, 3 answers

Strength of MD5 in finding duplicate files

Why are there a lot of duplicate file finder applications which are using the MD5 algorithm? What is the strength of MD5 in terms of searching for duplicate files on a hard disk, flash drive or any other storage device?
goldroger
15 votes, 2 answers

How were shift amount constants in MD5 found?

The md5 specification gives a series of 4 rounds to execute over a 16-word block. Each round has a repeating sequence of 4 shift amounts (s in [abcd k s i]) : 7, 12, 17 and 22 for the round 1 5, 9, 14 and 20 for the round 2 4, 11, 16 and 23 for the…
Antoine Catton
13 votes, 1 answer

Is a second preimage attack on MD5 feasible?

What's the practical status of MD5 w.r.t. second-preimage? Integrity of a piece of data is protected by an MD5 hash, itself assumed genuine. The data (and thus the hash) is known to the adversary. The adversary can change the data, and wants to do…
fgrieu