[DBWG] MD5 Algorithm

Michel ODOU michel.odou at afrinic.net
Tue Mar 5 05:46:04 UTC 2019


On Fri, 1 Mar 2019 07:49:13 -0800
COMPSUDEV Cameroon <compsudev at gmail.com> wrote:

> The *MD5 algorithm* is a widely used hash function producing a
> 128-bit hash value. Although MD5 was initially designed to be used as
> a cryptographic hash function, it has been found to suffer from
> extensive vulnerabilities. It can still be used as a checksum to
> verify data integrity, but only against unintentional corruption. It
> remains suitable for other non-cryptographic purposes, for example
> for determining the partition for a particular key in a partitioned
> database.
> One basic requirement of any cryptographic hash function is that it
> should be computationally infeasible to find two distinct messages
> which hash to the same value. MD5 fails this requirement
> catastrophically; such collisions can be found in seconds on an
> ordinary home computer. The weaknesses of MD5 have been exploited in
> the field, most infamously by the Flame malware in 2012. The CMU
> Software Engineering Institute considers MD5 essentially
> "cryptographically broken and unsuitable for further use".
> MD5 processes a variable-length message into a fixed-length output of
> 128 bits. The input message is broken up into chunks of 512-bit
> blocks (sixteen 32-bit words); the message is padded so that its
> length is divisible by 512. The padding works as follows: first a
> single bit, 1, is appended to the end of the message. This is
> followed by as many zeros as are required to bring the length of the
> message up to 64 bits fewer than a multiple of 512. The remaining
> bits are filled up with 64 bits representing the length of the
> original message, modulo 2^64.
> The security of the MD5 hash function is severely compromised. A
> collision attack exists that can find collisions within seconds on a
> computer with a 2.6 GHz Pentium 4 processor (complexity of 2^24.1).
> Further, there is also a chosen-prefix collision attack that can
> produce a collision for two inputs with specified prefixes within
> hours, using off-the-shelf computing hardware (complexity 2^39). The
> ability to find collisions has been greatly aided by the use of
> off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor,
> 16–18 million hashes per second can be computed. An NVIDIA GeForce
> 8800 Ultra can calculate more than 200 million hashes per second.
> These hash and collision attacks have been demonstrated in the public
> in various situations, including colliding document files and digital
> certificates. As of 2015, MD5 was demonstrated to be still quite
> widely used, most notably by security research and antivirus
> companies.


Thank you for the information.

Please note that a proposal was made in November 2016 [1] to deprecate
old password hashing methods in AFRINIC WHOIS. This was later put into
production [2] and as from September 2017, we have deprecated MD5 and
CRYPT passwords.

Weak authentication methods (MD5-PW and CRYPT-PW) can still be used to
authenticate maintainers but the only way to add or update a
maintainer's password is to use BCRYPT-PW.

You will find more information about this as well as a bcrypt
password hash utility on the AFRINIC website [3].
