Jump to content

Cryptography/MD5

From Wikibooks, open books for an open world

MD5 is a popular Hash Function used by many people around the world. Developed by Professor Ronald L. Rivest of MIT

It has two purposes:

  1. Verify the integrity of a file after a specified period of time
  2. Generate Hash values for a certain piece of data ( Ex: file) and store them, for later cross checking if the file has been modified or not (this is in essence the 1st point stated above)

For example, on a system that has a file called "SAMPLE.TXT" the MD5 hash would look like this:

filename hash value
C:\SAMPLE.TXT BC8FEFECA210FC0C0F3EBC1614A37889

MD5 takes as input a message of arbitrary length and produces as output a 128- bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce any message having a given prespecified target message digest. The MD5 algorithm was intended for digital signature applications, where a large file must be "compressed" in a secure manner before being signed with a private (secret) key under a public-key cryptosystem such as RSA. However, practical attacks on the collision resistance of MD5 exist[1], and it should therefore not be used with digital signatures or any other application requiring collision resistance.

Exact technical information is described in RFC:1321 (as HTML).

References

[edit | edit source]
  1. [1]Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger: MD5 considered harmful today - Creating a rogue CA certificate http://www.win.tue.nl/hashclash/rogue-ca/