MD5 Homepage (unofficial)


MD5: Introduction

MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of rfc1321, is:
[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
In essence, MD5 is a way to verify data integrity, and for detecting accidental corruption it is far more reliable than simple checksums (arithmetic sums, CRCs) and the other commonly used methods. However, its security goals no longer hold: collisions can be generated cheaply, so it is obsolete and should not be used in new designs where an attacker might control the data being hashed (signatures, certificates, software integrity).

Is MD5 perfect? A cryptographic algorithm is rarely provably perfect. Cryptographers examine and test algorithms as carefully as possible, but few stand the test of time. MD5 has known problems. See below for more information.

NEWS:

As of 2008-12-30, MD5's use in PKI is demonstrably broken. Because of the collision weakness noted below, an attacker can construct two certificate bodies (the to-be-signed part) with the same MD5 digest: one for a legitimate site the attacker controls, the other for a victim or wildcard name or, as in the published attack, a rogue intermediate CA. The attacker submits the legitimate request to a certificate authority that still signs with MD5. The CA signs it, but an RSA signature covers only the digest of the certificate body, so the same signature is valid for the colliding certificate, which the CA never saw. The attacker does have to predict the fields the CA fills in (serial number and validity period) before computing the collision, so CAs that use unpredictable serial numbers are harder targets; the real fix is for CAs to stop signing with MD5.

As of 2004, MD5 has a known collision weakness: Wang et al. showed how to produce two distinct messages with the same MD5 digest in hours on an ordinary PC, and later refinements bring that down to seconds. See the technical article about the collisions, read more meta-info about the collisions, and read an FAQ on the impact of the MD5 collisions. Synopsis: MD5 is not completely useless (no practical preimage attack is known, and a collision only helps an attacker who controls both inputs), but it is now problematic for any use where an attacker can choose the data being hashed, such as signatures and certificates.
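The following is an added example, not code from this page or from the authors of the collision work. It takes the published two-block collision pair from Wang, Feng, Lai and Yu (2004) and checks with hashlib that the two messages differ yet hash identically, that the collision survives appending a common suffix (both messages leave MD5 in the same internal state), and why that matters for the PKI news item above: a CA that signs only the digest of a certificate body produces a signature that verifies for the colliding body too. The CA key, the HMAC stand-in for RSA-with-MD5 signing, and the suffix are constructed for the illustration; only the digest-then-sign structure is what real PKCS#1 signatures share.

```python
import hashlib
import hmac

# Published two-block MD5 collision (Wang, Feng, Lai, Yu, 2004): 128 bytes each,
# differing in six bytes, both hashing to 79054025255fb1a26e4bc422aef54eb4.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions where the two messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed stand-in for the CA's private key (assumption: a toy CA, not real PKI code).
CA_KEY = b"constructed-toy-ca-key"


def ca_sign(tbs: bytes) -> bytes:
    """Toy CA: 'sign' the to-be-signed body by MACing its MD5 digest.

    This is a stand-in for RSA-with-MD5. The property being demonstrated is the
    same: the signature binds only md5(tbs), never tbs itself."""
    return hmac.new(CA_KEY, hashlib.md5(tbs).digest(), "sha256").digest()


def ca_verify(tbs: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(ca_sign(tbs), sig)


def signature_transfers(suffix: bytes = b"") -> dict:
    """Sign the 'legitimate' body M1+suffix and check whether the same signature
    verifies for the colliding body M2+suffix, which the CA never saw."""
    legit = M1 + suffix
    rogue = M2 + suffix
    sig = ca_sign(legit)  # the only thing the CA ever signs
    return {
        "bodies_differ": legit != rogue,
        "same_digest": md5_hex(legit) == md5_hex(rogue),
        "rogue_verifies": ca_verify(rogue, sig),
    }


if __name__ == "__main__":
    print("md5(M1) =", md5_hex(M1))
    print("md5(M2) =", md5_hex(M2))
    print("differing byte offsets:", differing_offsets(M1, M2))
    # Constructed suffix standing in for the certificate fields that follow the collision blocks.
    print(signature_transfers(b"; CN=victim.example; trailing certificate fields"))
```

The suffix test is the important one for the certificate attack: the colliding blocks sit inside the certificate body, and everything after them (subject, key, extensions) can be identical in both certificates without breaking the collision, because MD5 processes blocks sequentially from a shared internal state.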

Implementations

Apple IIgs
ASP
C
C++
C#/.Net
Coldfusion
command-line
Delphi
Java
Javascript
Lua
Lotus Script
Macromedia Director
masm32
Miva
MySQL
Perl5
PHP
PostgreSQL
Python
REBOL
REXX
Scheme
SQL Server
TCL
Visual Basic
Windows
Witango
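The following is an added example, not one of the implementations linked above and not RSA's reference code: a compact MD5 written directly from RFC 1321 (padding, sine table, four rounds), checked against the RFC's own test vectors and against hashlib. It is meant for reading the algorithm, not for production use; the names `_pad`, `_compress`, `self_test` and `matches_hashlib` are this example's own.

```python
"""Pure-Python MD5 following RFC 1321 (added example for reading the algorithm)."""
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF

# Per-step left-rotation amounts, four rounds of sixteen steps (RFC 1321, section 3.4).
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

# T[i] = floor(2^32 * abs(sin(i + 1))), the "sine table" that makes the constants nothing-up-my-sleeve.
T = [int(2**32 * abs(math.sin(i + 1))) & MASK32 for i in range(64)]

# Initial chaining value, little-endian words (RFC 1321, section 3.3).
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def _pad(message: bytes) -> bytes:
    """Steps 1-2: append a single 1 bit, zeros up to 448 mod 512 bits, then the 64-bit LE bit length."""
    bit_length = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_length)


def _compress(state: tuple, block: bytes) -> tuple:
    """Step 4: absorb one 64-byte block with the round functions F, G, H, I."""
    M = struct.unpack("<16I", block)
    A, B, C, D = state
    for i in range(64):
        if i < 16:                      # round 1: F(X,Y,Z) = XY v not(X) Z
            f, g = (B & C) | (~B & D), i
        elif i < 32:                    # round 2: G(X,Y,Z) = XZ v Y not(Z)
            f, g = (D & B) | (~D & C), (5 * i + 1) % 16
        elif i < 48:                    # round 3: H(X,Y,Z) = X xor Y xor Z
            f, g = B ^ C ^ D, (3 * i + 5) % 16
        else:                           # round 4: I(X,Y,Z) = Y xor (X v not(Z))
            f, g = C ^ (B | ~D), (7 * i) % 16
        f = (f + A + T[i] + M[g]) & MASK32   # Python's ~ yields negatives; the mask restores 32 bits
        A, D, C, B = D, C, B, (B + _rotl(f, S[i])) & MASK32
    # Feed-forward: add this block's result into the chaining value.
    return tuple((x + y) & MASK32 for x, y in zip(state, (A, B, C, D)))


def md5(message: bytes) -> bytes:
    """Return the 16-byte MD5 digest of `message`."""
    state = IV
    data = _pad(message)
    for offset in range(0, len(data), 64):
        state = _compress(state, data[offset:offset + 64])
    return struct.pack("<4I", *state)   # Step 5: output A, B, C, D little-endian


# Test vectors from RFC 1321, appendix A.5.
RFC1321_TEST_VECTORS = {
    b"": "d41d8cd98f00b204e9800998ecf8427e",
    b"a": "0cc175b9c0f1b6a831c399e269772661",
    b"abc": "900150983cd24fb0d6963f7d28e17f72",
    b"message digest": "f96b697d7cb7938d525a2f31aaf161d0",
    b"abcdefghijklmnopqrstuvwxyz": "c3fcd3d76192e4007dfb496cca67e13b",
}


def self_test() -> bool:
    return all(md5(m).hex() == h for m, h in RFC1321_TEST_VECTORS.items())


def matches_hashlib(message: bytes) -> bool:
    """Cross-check against the C implementation shipped with Python."""
    return md5(message) == hashlib.md5(message).digest()


if __name__ == "__main__":
    print("RFC 1321 vectors:", "ok" if self_test() else "FAIL")
    print("md5(b'abc') =", md5(b"abc").hex())
```

The padding edge cases are the usual source of bugs in hand-written MD5: a message of 55 bytes pads to exactly one block, 56 bytes forces a second block, and the bit length is little-endian, unlike SHA-1 and SHA-2, which are big-endian.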

Collision generators

RSA's MD5 disclaimer

Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.

License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this documentation and/or software.


This page maintained by Mordechai T. Abzug. If you want to add a link, send mail to mabzug1@umbc.edu.