(also message digest, hash value, checksum)
MD5 is a cryptographic hash function used to verify the integrity of input data, such as a message or a file. MD5 detects changes and modifications to the original data by generating a unique fixed-size output (known as a hash value or digest). MD5 has been used for various purposes, from verifying the integrity of downloaded files to securing password storage. However, over the years, cybercriminals have detected and exploited several security vulnerabilities of MD5.
How MD5 works
- MD5 converts input data into a fixed 128-bit value.
- It divides the data into 512-bit blocks. If the last block isn’t exactly 512 bits long, MD5 pads it with extra bits until it is.
- The MD5 algorithm creates a 128-bit buffer to hold the data.
- The algorithm processes each 512-bit block of data and updates the buffer accordingly. This process is done in four rounds of 16 operations each.
- After all the blocks have been processed, the resulting buffer is the 128-bit hash value for the input data.
- The hash value is unique to the input data. If there is any change in the data, the hash value will also change.
- To verify integrity, the hash value of the original data is compared with the hash value of the received data.
MD5 security vulnerabilities and incidents
- MD5 collisions used for rogue CA certificates (2008). Researchers showed that they could use an MD5 collision attack to generate a rogue CA certificate.
- Flame malware attack (2012). This advanced malware caused Iranian officials to disconnect their oil terminals from the internet.