Questions tagged [md5]

MD5 is a hash function that is no longer considered secure from a cryptographic point of view. Therefore, it should only be used for backward compatibility.

MD5 was a cryptographic hash function that generates a 128-bit output. It was designed in 1992. Since then, weaknesses in its collision resistance have been discovered that make MD5 unsuitable for almost all use cases.

Furthermore, MD5 is an extremely fast algorithm that can be sped up even more on graphics cards. MD5 is therefore no longer suitable for hashing passwords.

Research papers concerning the weaknesses of MD5:

263 questions
7 votes · 1 answer

MD5: Existence of invariant (fixed point)

Is it possible to find 128 bits $B$ such that $md5(B) = B$? md5 has collisions that can be computed in acceptable time, but I did not find any papers on fixed points in md5. As pointed out in this question from 2014, there is a 63.2% probability for…
Le 'nton
6 votes · 1 answer

Has it become easier to pre-compute tables after MD5 collisions?

Apparently it is not possible to compute all MD5 values from 0x00000000000000000000000000000000 to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF. As far as I understand this operation is hard because cryptographic hash functions make it difficult to calculate…
5 votes · 3 answers

Is MD5 particularly vulnerable when given multiple MD5 hashes using a common, secret suffix?

Suppose I've got a list of "passwords" that are hashed using the same suffix, so basically what we do is hash = md5_digest(prefix+suffix), with suffix being a constant. Now, if I know a single prefix and hash pair, I can trivially do a brute-force…
biziclop
5 votes · 1 answer

MD5 Algorithm Constant

From MD5, Is there any explanation or reason why they assign the number of shifts and constants as the values below? //s specifies the per-round shift amounts s[ 0..15] := { 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22 } s[16..31]…
Calvin
5 votes · 1 answer

Is it possible to demonstrate that md5(x) != x for any x?

I am looking for an easy-to-follow explanation, if possible, that demonstrates/proves the validity (or not!) of this assertion: for any X, md5(X) != X (X being any string of 32 hex characters)
Juanan
4 votes · 1 answer

MD5 implementation

As a personal project, I want to implement MD5 on an FPGA, but I have some doubts about the specifics of the implementation. My first source for how the algorithm is implemented was RFC 1321, where there is pseudocode that explains that round 1…
Fackelmann
4 votes · 1 answer

What does "congruent to 448, modulo 512" mean for padding in MD5 hash function?

What does "congruent to 448, modulo 512" mean within the MD5 hash specifications? From the specification: The message is "padded" (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it…
Aamir
4 votes · 1 answer

MD5 Hash outputs not produced

Are there any hash outputs not produced by the MD5 hash function? I need to use it as a placeholder for an empty hash while comparing two hashes.
kpriya
3 votes · 1 answer

How does MD5 process text which is shorter than 512 bits?

MD5 processes a 512-bit block and produces a 128-bit (16-byte) message digest, often expressed as a 32-digit hexadecimal value. For example, if I hash the word "how" using MD5, I get the following hash value: db88a0257c220dbfdd2e40f6152d6a8d. The word…
Computernerd
2 votes · 2 answers

Reverse MD5 of a 76 character string when the first 44 characters are known

I have a situation where I would like to reverse a hash which is the MD5 of a concatenation of 76 characters. I know the first 44 characters but don't know the remaining 32 characters. A description of the problem is as follows: Hash = MD5 (cat…
Makesh K
2 votes · 1 answer

Guess 100 bits of md5 hash

I found the following challenge on a wargames site: A 16-byte string is randomly generated and hashed with md5 => HashRandom. Next, the following happens in an infinite loop: the user is prompted for a 16-byte input; the input is hashed => HashUser; HashUser…
Timo89
2 votes · 0 answers

Are there unreachable MD5 hashes?

Are there any known MD5 hashes that can't occur, no matter what (finite) input is taken? Thanks
2 votes · 2 answers

Understanding the length b used in MD5

I am trying to understand the MD5 hash algorithm from the link http://www.ietf.org/rfc/rfc1321.txt. At first I was not able to understand the padding of MD5. Then I asked a question in this link: To understand a fact related to padding in MD5. From this…
1 vote · 1 answer

Can we build two messages with the same MD5 but different sizes?

Can we build two messages with the same MD5 but different sizes? I researched MD5 collisions, but everything I found targets messages of the same size.
1 vote · 1 answer

MD5 hash: retrieve an element of a source string

Suppose you have a string, precisely an MD5 hash string, which basically is computed in the following way: "element1:element2:element3". So, in order to get the hash (MD5 hash) you can issue the command: echo -en "element1:element2:element3" |…
terence