CyberGlossary

Cryptography

MD5

Also known as: Message Digest 5

Definition

A 128-bit cryptographic hash function designed by Ron Rivest in 1992; now broken — practical collisions are trivial and it must not be used for any security-sensitive purpose.

MD5 (Message Digest 5) is a Merkle–Damgård hash function specified in RFC 1321 that produces a 128-bit digest. It was widely used in digital signatures, certificates, password hashing, and integrity checks during the 1990s and 2000s. Wang et al. published the first practical collisions in 2004, and since then chosen-prefix collisions have been computed in minutes — most famously to forge a rogue Certificate Authority (Flame malware, 2012). MD5 therefore offers no collision resistance and only weak preimage resistance; NIST, PCI DSS, CA/Browser Forum, and TLS all forbid it. MD5 should not be used in signatures, certificates, password storage (use Argon2/scrypt/bcrypt), or any new design. Modern alternatives are SHA-256, SHA-3, and BLAKE2/BLAKE3; MD5 survives only for non-security checksums and legacy compatibility.
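The password-storage advice above, worked through as an added example (not code from this glossary or from RFC 1321): a login routine that still accepts records from a legacy store of unsalted MD5 hex digests, but replaces each one with a salted scrypt record the first time the user authenticates successfully. The `scrypt$salt$key` record layout and the scrypt cost parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumption: the legacy store kept bare MD5 hex digests, so any 32-hex-char
# record is treated as legacy and scheduled for upgrade on next successful login.
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")

# Illustrative scrypt parameters (N=2**14, r=8, p=1 uses about 16 MiB per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def legacy_md5_record(password: str) -> str:
    """Build a record as the old MD5-based store would have written it."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str, salt: bytes = None) -> str:
    """Salted scrypt record in the assumed 'scrypt$<salt hex>$<key hex>' layout."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                         p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"


def is_legacy_md5(stored: str) -> bool:
    return LEGACY_MD5.match(stored) is not None


def verify_and_upgrade(password: str, stored: str):
    """Return (accepted, record_to_store).

    A legacy MD5 record is checked once; on success it is replaced by a fresh
    scrypt record so the unsalted MD5 digest never has to be kept or compared again.
    """
    if is_legacy_md5(stored):
        ok = hmac.compare_digest(legacy_md5_record(password), stored)
        return ok, (scrypt_record(password) if ok else stored)
    algo, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        raise ValueError(f"unknown password record format: {algo}")
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(key.hex(), key_hex), stored
```

Rejected logins leave a legacy record untouched, so an attacker cannot trigger the upgrade path without knowing the password.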

Examples

  • MD5 hashes are still used to verify file downloads where only accidental corruption is a concern, not malicious tampering.
  • The Flame malware (2012) forged a Microsoft code-signing certificate via an MD5 chosen-prefix collision.

Related terms