What Is MD5? Why It Is No Longer Secure
MD5 (Message-Digest Algorithm 5) is a cryptographic hash function that maps an input of any length to a 128-bit digest, usually written as 32 hexadecimal characters. Ronald Rivest designed it in 1991 as a strengthened successor to MD4 (it is specified in RFC 1321, 1992), and for more than a decade it was the default choice for file checksums, password storage and certificate signatures. Practical collision attacks published by Wang et al. in 2004 and 2005 broke its collision resistance, and it is now unsuitable for any purpose that has to withstand a deliberate adversary.
How MD5 Works
MD5 is a Merkle-Damgard construction. The message is padded (a single 0x80 byte, then zeros, then the original length in bits as a 64-bit little-endian integer) to a multiple of 512 bits, and each 512-bit block is run through a compression function of four rounds of 16 steps, 64 steps in total. Every step mixes one 32-bit message word into a 128-bit state using a round-specific boolean function, a per-step additive constant derived from sin(), and a left rotation; the block's result is added back into the state, and the state after the last block is the digest. The 128-bit output already caps generic collision resistance at roughly 2^64 work (the birthday bound), but the practical problem is structural: differential weaknesses in the compression function let collisions, two different inputs with the same hash, be found for a tiny fraction of that cost, so that an identical-prefix collision takes seconds on commodity hardware. Preimage resistance (recovering an input from a given digest) has not been practically broken, which is why the damage is concentrated in the collision-dependent uses described below.
Why MD5 Is No Longer Safe
In 2004 Wang, Feng, Lai and Yu showed how to find MD5 collisions in about an hour on a PC, and within a year refinements brought that down to minutes. In 2008 Stevens, Sotirov and colleagues used a chosen-prefix collision to obtain a rogue intermediate CA certificate from a public CA, so that anyone trusting that CA could be shown a forged certificate for any site; the 2012 Flame malware forged a Microsoft code-signing certificate with the same class of attack. Today an identical-prefix collision (two inputs that share a prefix, differ in a few bits across two 64-byte blocks, and may be followed by any common suffix) takes seconds on a laptop, and chosen-prefix collisions, where the attacker picks both prefixes independently, take hours to a day or so of commodity compute. MD5 is therefore unsuitable for digital signatures, certificates, code signing, or any integrity check where the party that produced the data might be hostile; note that this covers "verifying file authenticity" whenever the attacker can supply the file that was originally checked, since they can prepare a benign and a malicious version with the same digest in advance.
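As an added example (not part of the original article), the block below uses the widely reproduced colliding block pair that came out of the Wang et al. attack to show the failure mode concretely: two different 128-byte inputs with the same MD5, a shared suffix that keeps them colliding because MD5 is an iterated hash, and a hypothetical program that behaves differently on each. The constants COLLISION_A and COLLISION_B are copied from public references; BENIGN_PAYLOAD and describe_file are constructed for the demo and stand in for a real installer that branches on the differing bytes.

```python
import hashlib

# Colliding 128-byte block pair from the Wang et al. attack, as reproduced in public references.
# Both inputs hash to 79054025255fb1a26e4bc422aef54eb4 under MD5.
COLLISION_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
COLLISION_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed sample suffix standing in for the rest of a file (script, archive, binary).
BENIGN_PAYLOAD = b"\n# payload: print('hello')\n"


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which the two inputs differ (six single-bit flips for this pair)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_collides(a: bytes, b: bytes, shared_suffix: bytes = b"") -> bool:
    """True when a+suffix and b+suffix share an MD5 digest.

    MD5 is an iterated (Merkle-Damgard) hash and both prefixes here are whole 64-byte blocks,
    so once the internal state collides after the prefix, any identical suffix appended to
    both keeps the digests equal. An attacker therefore needs one collision, not one per file.
    """
    return hashlib.md5(a + shared_suffix).digest() == hashlib.md5(b + shared_suffix).digest()


def sha256_collides(a: bytes, b: bytes) -> bool:
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def describe_file(blob: bytes) -> str:
    """Hypothetical installer logic: branch on byte 19, which differs between the two prefixes."""
    return "benign build" if blob[19] == 0x87 else "malicious build"


if __name__ == "__main__":
    file_a, file_b = COLLISION_A + BENIGN_PAYLOAD, COLLISION_B + BENIGN_PAYLOAD
    print("differing byte offsets:", differing_offsets(COLLISION_A, COLLISION_B))
    print("md5(A) =", md5_hex(COLLISION_A))
    print("md5(B) =", md5_hex(COLLISION_B))
    print("still colliding with shared suffix:", md5_collides(COLLISION_A, COLLISION_B, BENIGN_PAYLOAD))
    print(describe_file(file_a), "vs", describe_file(file_b))
    print("SHA-256 tells them apart:", not sha256_collides(file_a, file_b))
```

The point of describe_file is the review question to ask of any MD5-based approval workflow: if the submitter controls the bytes, the digest that was approved says nothing about which of two prepared variants is later delivered.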
When Is MD5 Still Acceptable?
MD5 remains acceptable only where no adversary can influence the input: detecting accidental corruption in transit or on disk, deriving cache keys or deduplication fingerprints from data your own system generates, or spreading records across partitions. The test to apply is whether someone who wanted two inputs to share a digest could supply both of them. If users can upload the content that a cache key or row fingerprint is derived from, they can craft two inputs with the same key and make one entry masquerade as another. Even in the harmless cases, SHA-256 costs little more on modern CPUs and removes the question entirely, so a new design rarely has a reason to choose MD5. Never use it for passwords (it is far too fast to resist guessing, salted or not), for signatures, or for any integrity check that must resist deliberate tampering.
What to Use Instead
For file integrity and data verification: SHA-256 (or SHA-512 or SHA-3), and remember that a digest only proves integrity if the digest itself reaches the verifier through a channel the attacker cannot alter, for example signed, or served over TLS from a separate trusted location; a hash published next to the download on the same server detects corruption, not tampering. For passwords: a deliberately slow, salted function built for the purpose, such as Argon2id, scrypt or bcrypt, never a plain fast hash even with a salt. For digital signatures: SHA-256 or SHA-512 with RSA or ECDSA, or Ed25519, which fixes its own hash. MD5 has been formally deprecated for these uses: RFC 6151 (2011) states that it should not be used for digital signatures, and browser vendors and CAs phased out MD5-signed certificates after the 2008 attack.
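As an added example for this section (written for the page, not taken from any library's documentation), the block below puts the MD5 password "hash" beside the two replacements the text recommends for the uses most often seen in code review: SHA-256 for data and file integrity with a constant-time comparison, and scrypt via the standard-library hashlib.scrypt for password storage, with a self-describing record so the cost parameters can be raised later without invalidating stored hashes. The cost parameters SCRYPT_N, SCRYPT_R and SCRYPT_P, the record format and the function names are this example's own choices.

```python
import hashlib
import hmac
import secrets
from typing import Optional


# --- MD5 "password hashing", shown for contrast only (do not use) -----------------------

def weak_md5_password_hash(password: str) -> str:
    # Unsalted and fast: equal passwords give equal hashes, a precomputed table maps
    # common values straight back, and a single GPU tries billions of guesses per second.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# --- Data and file integrity with SHA-256 ----------------------------------------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file_hex(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    # compare_digest does not stop at the first mismatching character, so the comparison
    # time does not reveal how much of the expected digest an attacker has guessed.
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


# --- Password storage with scrypt (hashlib.scrypt is backed by OpenSSL) -----------------
# Example cost parameters; raise SCRYPT_N as hardware allows. 128 * r * N bytes of memory
# are needed per hash, 16 MiB for these values.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=KEY_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form scrypt$N$r$p$salt_hex$key_hex with a fresh random salt."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    key = _scrypt(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P), salt.hex(), key.hex()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the parameters stored in the record and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False  # malformed or foreign record, e.g. a legacy MD5 value
    if algo != "scrypt":
        return False
    candidate = _scrypt(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


if __name__ == "__main__":
    print("md5:   ", weak_md5_password_hash("password"))
    record = hash_password("correct horse battery staple")
    print("scrypt:", record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("Tr0ub4dor&3", record))
    print("sha256(abc):", sha256_hex(b"abc"))
```

Storing the parameters in the record is what makes migration possible: when a user logs in with a record whose N is below the current setting, verify it with the old parameters, then re-hash and overwrite. The same pattern is how existing MD5 password tables are retired, by re-hashing on the next successful login rather than trying to convert digests you cannot invert.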