MD5
| General | |
|---|---|
| Designers | Ronald Rivest | 
| First published | April 1992 | 
| Series | MD2, MD4, MD5, MD6 | 
| Cipher detail | |
| Digest sizes | 128 bit | 
| Block sizes | 512 bit | 
| Structure | Merkle–Damgård construction | 
| Rounds | 4 | 
| Best public cryptanalysis | |
| A 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer. MD5 is prone to length extension attacks. | |

The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4, and was specified in 1992 as RFC 1321.

MD5 can be used as a checksum to verify data integrity against unintentional corruption. Historically it was widely used as a cryptographic hash function; however, it has been found to suffer from extensive vulnerabilities. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database, and may be preferred due to lower computational requirements than more recent Secure Hash Algorithms.
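
The two non-cryptographic uses named above, partition selection and detection of accidental corruption, as an added example that is not part of the original page. The function names, the `user:N` keys and the payload are constructed for illustration; `usedforsecurity=False` assumes Python 3.9 or later.

```python
import hashlib
import io
from collections import Counter


def md5_digest(data: bytes) -> bytes:
    # usedforsecurity=False declares a non-cryptographic use, so the call is
    # still permitted on builds that restrict MD5 (for example FIPS mode).
    return hashlib.md5(data, usedforsecurity=False).digest()


def partition_for(key: str, partitions: int) -> int:
    """Map a key to a partition index in [0, partitions).

    Unlike Python's built-in hash(), which is salted per process for str,
    the result is identical on every node and across restarts.
    """
    if partitions <= 0:
        raise ValueError("partitions must be positive")
    # Interpret the first 8 bytes of the 128-bit digest as an unsigned integer.
    value = int.from_bytes(md5_digest(key.encode("utf-8"))[:8], "big")
    return value % partitions


def spread(keys, partitions: int) -> Counter:
    """Count how many keys land in each partition."""
    return Counter(partition_for(k, partitions) for k in keys)


def stream_checksum(stream, chunk_size: int = 65536) -> str:
    """Hex MD5 of a binary stream, read in chunks to bound memory use.

    Detects accidental corruption only; it gives no protection against
    deliberate modification, because MD5 collisions are cheap to produce.
    """
    h = hashlib.md5(usedforsecurity=False)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    keys = [f"user:{i}" for i in range(10000)]  # constructed sample keys
    print(sorted(spread(keys, 8).items()))
    original = b"constructed sample payload\n" * 1000
    damaged = bytearray(original)
    damaged[1234] ^= 0x01  # simulate a single flipped bit in transit
    print(stream_checksum(io.BytesIO(original)),
          stream_checksum(io.BytesIO(bytes(damaged))))
```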