MD5
What is MD5?
MD5A 128-bit cryptographic hash function designed by Ron Rivest in 1992; now broken — practical collisions are trivial and it must not be used for any security-sensitive purpose.
MD5 (Message Digest 5) is a Merkle–Damgård hash function specified in RFC 1321 that produces a 128-bit digest. It was widely used in digital signatures, certificates, password hashing, and integrity checks during the 1990s and 2000s. Wang et al. published the first practical collisions in 2004, and since then chosen-prefix collisions have been computed in minutes — most famously to forge a rogue Certificate Authority (Flame malware, 2012). MD5 therefore offers no collision resistance and only weak preimage resistance; NIST, PCI DSS, CA/Browser Forum, and TLS all forbid it. MD5 should not be used in signatures, certificates, password storage (use Argon2/scrypt/bcrypt), or any new design. Modern alternatives are SHA-256, SHA-3, and BLAKE2/BLAKE3; MD5 survives only for non-security checksums and legacy compatibility.
● Examples
- 01
MD5 hashes are still used to verify file downloads where only accidental corruption is a concern, not malicious tampering.
- 02
The Flame malware (2012) forged a Microsoft code-signing certificate via an MD5 chosen-prefix collision.
● Frequently asked questions
What is MD5?
A 128-bit cryptographic hash function designed by Ron Rivest in 1992; now broken — practical collisions are trivial and it must not be used for any security-sensitive purpose. It belongs to the Cryptography category of cybersecurity.
What does MD5 mean?
A 128-bit cryptographic hash function designed by Ron Rivest in 1992; now broken — practical collisions are trivial and it must not be used for any security-sensitive purpose.
How do you defend against MD5?
Defences for MD5 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for MD5?
Common alternative names include: Message Digest 5.