Questions tagged [md5]

a cryptographic hash function with a 128-bit (16-byte) output, now deprecated

MD5 is a cryptographic hash function. It was the de facto standard cryptographic hash in the 1990s but is now deprecated because vulnerabilities have been discovered.

An MD5 checksum consists of 128 bits (16 bytes) which are often presented as 32 hexadecimal digits.

MD5's collision resistance is broken: it is possible to find two strings with the same MD5 checksum (there can be some additional requirements on the strings, for example a common prefix). For applications that only rely on other properties such as preimage resistance (the impossibility of finding a string given its MD5 checksum, except by brute force), the attacks are only theoretical.

Applications that require a cryptographic hash should use SHA-2 instead. SHA-2 produces a 256-bit (32-byte) checksum (there are other, less common sizes), not 128-bit, so applications with a fixed-size field must be updated. SHA-1 is also a viable alternative; although SHA-2 is meant to replace SHA-1, there are currently no practical vulnerabilities in SHA-1 that SHA-2 solves.

None of MD5, SHA-1 or SHA-2 is suitable for password hashing. Use PBKDF2, bcrypt or scrypt. Read How to securely hash passwords? for more information.

247 questions
104 votes, 7 answers

Is MD5 considered insecure?

After all these articles circulating online about md5 exploits, I am considering switching to another hash algorithm. As far as I know it's always been the algorithm of choice among numerous DBAs. Is it that much of a benefit to use MD5 instead of…
Tawfik Khalifeh
80 votes, 3 answers

How can I create a password that says "SALT ME!" when hashed?

How can I create a password, which when directly hashed (without any salt) with md5 will return a string containing the 8 characters "SALT ME!". The hope is that a naive developer browsing through his user database will see the "hash", realize the…
Joel
78 votes, 4 answers

How long will it take to crack the passwords stolen in the Yahoo hack announced 14 Dec 2016?

Apparently Yahoo was hacked yet again with up to a billion user accounts being compromised. The article says Yahoo uses MD5 for password hashing. Are the hackers likely to be able to crack the passwords too? How long will it take to crack 1…
soadyp
73 votes, 4 answers

Is SHA1 better than MD5 only because it generates a hash of 160 bits?

It is well known that SHA1 is recommended more than MD5 for hashing since MD5 is practically broken as lot of collisions have been found. With the birthday attack, it is possible to get a collision in MD5 with 2^64 complexity and with 2^80 complexity…
sudhacker
64 votes, 8 answers

Why do people still use/recommend MD5 if it has been proven weak since 1996?

It's still a commonly recommended way of hashing passwords, even if its insecurity had been proven in 1996: Therefore we suggest that in the future MD5 should no longer be implemented in applications like signature schemes, where a…
Marek Sebera
58 votes, 4 answers

Why are MD5 and SHA-1 still used for checksums and certificates if they are called broken?

I was just reading about SSL/TLS stuff, and according to this site (which is rated as A by Qualys SSL Labs), MD5 is totally broken, and SHA-1 is cryptographically weak since 2005. And yet, I noticed that a lot of programmers and even Microsoft only…
Freedo
57 votes, 5 answers

Is it secure to use MD5 to verify the integrity of small files (less than 15kb)?

I know that collisions for MD5 have been documented since the 90s and that digital certificates based on MD5 have been demonstrated to be completely compromised back in 2010 but how effective is MD5 in ensuring that small amounts of data have not…
thebunnyrules
50 votes, 4 answers

How to approach replacing md5 for transporting Unity game data to a remote server

TL;DR I am working on a gaming system that uses UnityScript and C# on the client and PHP on the server. A MD5 hash of the data plus a shared secret is used to check that the data has not been modified in transit. Is MD5 good enough for this? What…
Martin
45 votes, 3 answers

Is bcrypt(strtolower(hex(md5(pass)))) ok for storing passwords?

I have a large database where passwords are stored as strtolower(hex(md5(pass))) (which is a bad way to store passwords, prone to rainbow tables, cheap to dictionary attack, no salt, etc.), and I'm tasked with switching from md5 to bcrypt, I have to…
user1067003
42 votes, 7 answers

Exploiting MD5 vulnerability in this PHP form?

I've been practicing in security-related topics and I came upon this problem which I don't understand at all. You receive a form with one input named pass, and this is the code you need to…
Tom
37 votes, 5 answers

How can I prove this site has a huge security weakness?

Disclaimer: I'm a computer programmer, not a security analyst or anything to do with security. I have zero experience in the world of cryptography, so bear with me please. Situation: I was given the task to integrate a client's site with a data…
Daevin
34 votes, 4 answers

Does every hash value have an inverse value?

There are many different hash functions, md5, sha, and others. They take a value V and produce a H via transformation Function(V) = H, where Function is md5, sha, etc. My question is: Does every hash value H have a value V? For example, given md5…
bodacydo
30 votes, 3 answers

MD5 collision attacks: are they relevant in password hashing?

DISCLAIMER: This is not an endorsement of MD5 as a password hashing function. I know about parallelization, GPUs, and dedicated password hashing functions like bcrypt and scrypt. With that out of the way, I'm getting at least a little irked when…
Null
27 votes, 2 answers

How can the content of a file refer to its own MD5?

So I just saw this picture on Imgur: http://imgur.com/gxRCrCM The intriguing thing about it is that the picture refers to an old Daft Punk song named "Face 2 Face". The image's MD5 is 6b0cc07a5c4d3d8fface2face79d8205 which, amazingly enough,…
John Blatz
26 votes, 3 answers

Known strings to have the same MD5 hash, not colliding in real life?

I was reading this article about MD5 hash collisions in which it clearly states that these two strings (differences marked with…