[DBWG] MD5 Algorithm

COMPSUDEV Cameroon compsudev at gmail.com
Fri Mar 1 15:49:13 UTC 2019


The *MD5 algorithm* is a widely used hash function producing a 128-bit hash
value. Although MD5 was initially designed to be used as a cryptographic
hash function, it has been found to suffer from extensive vulnerabilities.
It can still be used as a checksum to verify data integrity, but only
against unintentional corruption. It remains suitable for other
non-cryptographic purposes, for example for determining the partition for a
particular key in a partitioned database.

One basic requirement of any cryptographic hash function is that it should
be computationally infeasible to find two distinct messages which hash to
the same value. MD5 fails this requirement catastrophically; such
collisions can be found in seconds on an ordinary home computer.
The weaknesses of MD5 have been exploited in the field, most infamously by
the Flame malware in 2012. The CMU Software Engineering Institute considers
MD5 essentially "cryptographically broken and unsuitable for further use".

MD5 processes a variable-length message into a fixed-length output of 128
bits. The input message is broken up into chunks of 512-bit blocks (sixteen
32-bit words); the message is padded so that its length is divisible by
512. The padding works as follows: first a single bit, 1, is appended to
the end of the message. This is followed by as many zeros as are required
to bring the length of the message up to 64 bits fewer than a multiple of
512. The remaining bits are filled up with 64 bits representing the length
of the original message, modulo 2^64.

The security of the MD5 hash function is severely compromised. A collision
attack exists that can find collisions within seconds on a computer with a
2.6 GHz Pentium 4 processor (complexity of 2^24.1). Further, there is also a
chosen-prefix collision attack that can produce a collision for two inputs
with specified prefixes within hours, using off-the-shelf computing
hardware (complexity 2^39). The ability to find collisions has been greatly
aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS
graphics processor, 16–18 million hashes per second can be computed. An
NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per
second.
These hash and collision attacks have been demonstrated in the public in
various situations, including colliding document files and digital
certificates. As of 2015, MD5 was demonstrated to be still quite widely
used, most notably by security research and antivirus companies.

-- 

*NDUM Vianney Forewah.*
*Community Participation In Sustainable Development*
*COMPSUDEV Cameroon*