MD5
The world's most famous hash function, still everywhere despite being completely broken for security purposes since 2004.
By Deepak Gupta
MD5 (Message-Digest Algorithm 5) was the workhorse hash of the 1990s and early 2000s. It produces a 128-bit fingerprint, it's fast, and it's still the right answer when you need a checksum to detect *accidental* corruption: package managers, file deduplication, internal cache keys. It is the wrong answer for *anything* security-sensitive: collisions can be generated in seconds on a laptop, chosen-prefix collisions in hours on a GPU, and the Flame malware used an MD5 chosen-prefix collision to forge a Microsoft code-signing certificate in 2012. If you're hashing passwords with MD5, an attacker who obtains your dump can recover them in under a minute. Use BLAKE3 for fast non-cryptographic uses and Argon2id for passwords.
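The two sides of that paragraph in working code, as an added example that is not part of the original page: MD5 used the acceptable way (a checksum that catches a flipped bit in transit) and a small audit helper that flags bare 32-hex-character fields in a credential store as probable unsalted MD5 password hashes due for migration to Argon2id. The function names, the sample rows and the `$argon2id$` entry are constructed for illustration; the `usedforsecurity` keyword is a real `hashlib` parameter (Python 3.9+).

```python
import hashlib
import hmac
import re

# Added example (not from the original page): MD5 as a corruption check
# versus MD5 as a password hash. Sample inputs below are constructed.


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest. usedforsecurity=False (Python 3.9+) declares this a
    non-security use, so FIPS-restricted builds still allow the call."""
    try:
        h = hashlib.md5(data, usedforsecurity=False)
    except TypeError:  # older Python without the keyword
        h = hashlib.md5(data)
    return h.hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Legitimate use: detect *accidental* corruption of a blob.
    This is not an integrity control against a hostile party, because a
    second blob with the same MD5 can be produced cheaply."""
    return hmac.compare_digest(md5_hex(data), expected_hex.strip().lower())


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


_RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")


def is_unsalted_md5_password_hash(stored: str) -> bool:
    """Audit helper: a bare 32-hex-char field in a credential store is almost
    certainly raw MD5 (or another unsalted 128-bit digest). Proper password
    hashes carry a scheme prefix such as $argon2id$ or $2b$ plus a salt."""
    return bool(_RAW_MD5.match(stored.strip()))


def audit_password_fields(rows):
    """Return the user names whose stored hash looks like raw MD5."""
    return [user for user, stored in rows if is_unsalted_md5_password_hash(stored)]


if __name__ == "__main__":
    payload = b"abc"
    good = md5_hex(payload)  # 900150983cd24fb0d6963f7d28e17f72
    print("checksum ok:", verify_checksum(payload, good))
    print("corruption detected:", not verify_checksum(flip_bit(payload, 0, 0), good))
    # Constructed credential rows: alice's field is MD5("password"),
    # bob's is an Argon2id-style string with a placeholder hash part.
    rows = [("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
            ("bob", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$placeholderhash")]
    print("flag for migration:", audit_password_fields(rows))
```

`verify_checksum` belongs next to a download or cache lookup, never in an authentication or signature path; `audit_password_fields` is the kind of one-off check to run against a user table export before planning an Argon2id migration.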
Recommended uses
- Non-security checksums (detecting accidental file corruption)
- Cache keys / fingerprinting where collisions don't matter
Known attacks / caveats
- Collision attacks since 2004 (Wang & Yu)
- Chosen-prefix collisions in hours (HashClash, 2009)
- Used to forge a Microsoft code-signing cert (Flame, 2012)
- Rainbow-table recovery for short / common inputs in seconds
Designed by
Ronald Rivest, published 1992.