What is MD5, and how is it used today?
Message-Digest Algorithm 5 (MD5) is a one-way hashing algorithm used primarily for digitally signing files and strings. MD5 does have its weaknesses. A commonly suggested mixture is an initial compression using a hash-based encryption (MD5 and SHA1) and a more reliable encryption such as RSA. Rather than going into technical specifics here, we suggest you read RFC 1321. As mentioned in many online circles, the specific suggestion is to migrate applications from MD5 to a more reliable encryption method before a widespread cracking revolution occurs in terms of MD5/SHA1-based encryption.
MD5 is considered to be one of the fastest encryption algorithms with a little safety harness. Its safety harness is essentially another round of calculations to ensure ultimate security (which has been rumored to be broken). It's utilized heavily in both open and closed source applications and platforms such as Apache and Solaris.
Why should I use MD5 if I know it is not the most secure?
The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. With a little bit of salt any meal will taste better. That's the analogy we'll use in this article to enhance the MD5 hashing algorithm and further extend our security without jeopardizing our performance. The greatest advantage of MD5 is its speed and ease of use.
What are these security flaws in MD5?
Last month (August 12, 2004), Antoine Joux made an announcement regarding a flaw in the algorithm for MD4 and MD5. Later that month, a paper was submitted (http://eprint.iacr.org/2004/199.pdf) that detailed collisions. The paper suggests that it takes about an hour to find the first collision and an estimated 15 minutes to detect the remainder of the hash.
At a convention held in Santa Barbara (Crypto 2004), it's reported that other collision examples were presented, and that an onslaught of hackers is developing means of creating these collisions for intrusion purposes. Apache and Solaris are known to use MD5 heavily in validating file uniqueness and are the most affected by this awareness. Since MD5 and SHA1 are known as hash functions, these types of collisions were expected.
What will we discuss in this article?
In most applications that utilize password storage and user rights, it's important to alter the passwords for encryption purposes. In most cases, any medium encryption is more than enough. In this article, we'll examine how to implement MD5 in our applications and specific means of salting the keys to add additional security.
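The following is an added example, not code from the original article: it shows what a per-user salt changes when MD5 is used for stored passwords, namely that two users with the same password no longer share a digest. The function names, the 16-byte salt length and the `salt_hex$digest_hex` storage format are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

SALT_BYTES = 16  # assumed salt length for this example


def md5_hex(data: bytes) -> str:
    """Plain MD5 digest as 32 hex characters (the algorithm from RFC 1321)."""
    return hashlib.md5(data).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'salt_hex$digest_hex'; a fresh random salt is drawn per record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    return f"{salt.hex()}${md5_hex(salt + password.encode('utf-8'))}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, sep, expected = stored.partition("$")
    if not sep:
        return False  # record has no salt field
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed salt
    candidate = md5_hex(salt + password.encode("utf-8"))
    return hmac.compare_digest(candidate.encode(), expected.encode())


def shared_digest_count(records: list[str]) -> int:
    """How many records repeat a digest already seen in another record."""
    digests = [r.rpartition("$")[2] for r in records]
    return len(digests) - len(set(digests))


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    passwords = ["correct horse", "correct horse"]
    unsalted = [md5_hex(p.encode("utf-8")) for p in passwords]
    salted = [hash_password(p) for p in passwords]
    print("unsalted records sharing a digest:", shared_digest_count(unsalted))
    print("salted records sharing a digest:  ", shared_digest_count(salted))
    print("verification succeeds:", verify_password("correct horse", salted[0]))
```

The salt is stored in the clear next to the digest; its job is to make each record's digest unique, not to be secret.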