MD5 is a 128-bit hash algorithm created by scientist Ronald L. Rivest in the early 1990s. The abbreviation MD5 stands for Message Digest Version 5.
MD5 encryption is based on hashing, which involves the formation of "fingerprints" or "sums" in order to further verify their authenticity. Using this method, you can verify the integrity of the information, as well as the storage of password hashes.
MD5 History
The history of the Message Digest Algorithm (MD5) begins in 1991, when MIT professor Ronald L. Rivest reported on the creation of a new algorithm that replaced the obsolete MD4. As for MD4, a number of shortcomings were indeed found in it, as German cryptologist Hans Dobbertin later wrote.
Rivest described the new MD5 algorithm in RFC 1321.
The work on the algorithm was continued by researchers Bert den Boer and Anton Bosselars, who in 1993 proved the possibility of pseudo-collisions in MD5, when different initialization vectors can match with the same message digests.
Further, in 1996 Hans Dobbertin claimed to have found a collision in MD5. At that time, more preferred hashing algorithms became known, such as the RIPEMD-160 cryptographic hash functions - developed by Hans Dobbertin, Anton Bosselars and Bart Prenel, Whirlpool - developed by Vincent Raymen and Paulo Barreto and the SHA-1 cryptographic hashing algorithm.
Due to the relatively small hash size (128 bits) in MD5, there has been talk about the possibility of birthday attacks. The MD5CRK project, launched by Jean-Luc Cook in 2004, aimed to study the vulnerability of the algorithm using birthday attacks. But, after five months, on August 17, 2004, the project was curtailed due to the discovery of a vulnerability in the algorithm by a group of Chinese cryptographers led by Lai Xuejia.
In March 2005, mathematicians and cryptographers Benne de Weger, Arjen Lenstra, and Wang Xiaoyun created two X.509 documents with the same hash and different public keys.
A year later, in March 2006, an algorithm was published by the Czech cryptographer Vlastimil Klima, which allows you to determine collisions on a simple computer in just one minute. This algorithm became known as the "tunneling" method.
As a result of the analysis of the results of the work, in 2008, the division of the National Cyber Security Administration of the US Department of Homeland Security (US-CERT) recommended that everyone who was involved in the development of software, websites, as well as network users, stop using the MD5 algorithm , regardless of the purpose of its application. The reason for such a recommendation was the unreliability that he demonstrated in the process of studying it.
In December 2010, Chinese cryptologists Tao Xie and Feng Denguo discovered a message collision of 512 bits (one block). Previously, collisions were found only in messages that were two blocks or more in length. Later, Mark Stevens achieved similar results by publishing blocks with the same MD5 hash. He also developed an algorithm for obtaining collisions of this type.
The final document that put an end to the history of the development of the MD5 algorithm was a request for comments - RFC 6151 (RFC is an official document developed by the Internet Engineering Council (IETF), which describes specifications for a specific technology), which actually recognized MD5 as an insecure hashing algorithm . The document recommends abandoning it, choosing the SHA-2 family of cryptographic algorithms as an alternative.
The discussed MD5 algorithm is considered to be one of the first algorithm standards used to check the integrity of files and store passwords in web application databases.
But, in fact, the relatively simple functionality, short output length and simplicity of the operations performed, being the advantages of the algorithm, also determine its disadvantages - MD5 refers to algorithms that are prone to hacking and have a low degree of protection against birthday attacks.