Using MD5 Encryption
page 1 of 4
Published: 22 Sep 2004
Unedited - Community Contributed
Abstract
With security being the strongest aspect of major development issues, encryption for sensitive data is essential in everyday development. MD5 hashing algorithm is one of the most commonly used algorithms and, mixed with salted hash, is one of the best. Let's stop fluffing, and get right to it.
by Kay Lee
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 34357/ 71

What is MD5?

What is MD5, and how is it used today?

Message-Digest Algorithm 5 (MD5) is a one-way hashing algorithm used primarily for digitally signing files and strings.  MD5 does have its weaknesses.  They say a good mixture is an initial compression using a hash-based encryption (MD5 and SHA1) and a more reliable encryption such as RSA.  Rather than going into technical specifics, it's suggested you read RFC 1321.  As mentioned in many online circuits, it's specifically suggested to migrate applications from MD5 to a more reliable encryption method before a wide spread cracking revolution occurs in terms of MD5/SHA1-based encryption.

MD5 is considered to be one of the fastest encryption algorithms with a little safety harness.  Its safety harness is essentially another round of calculations to ensure ultimate security (which has been rumored as broken).  It's utilized heavily in both open and closed source applications and platforms such as Apache and Solaris.

Why should I use MD5 if I know it is not the most secure?

The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted.  With a little bit of salt any meal will taste better.  That's the analogy we'll use in this article to enhance the MD5 hashing algorithm to further extend our security without jeapordizing our performance.  The greatest advantage of MD5 is it's speed and ease of use.

What are these security flaws in MD5?

Last month (August 12, 2004), an announcement was made by Antoine Joux in regards to a flaw in the algorithm for MD4 and MD5.  Later that month, a paper was submitted (http://eprint.iacr.org/2004/199.pdf) that detailed collisions.  The paper suggests that it takes about an hour to find the first collision and an estimated 15 minutes to detect the remainder of the hash. 

In a convention held in Santa Barbara (Crypto 2004), it's reported that other collision examples were presented as well as that an onslaught of hackers is developing means of creating these collisions for intrusion purposes.  Apache and Solaris are known to use MD5 heavily in validating file uniqueness and are the most affected by this awareness.  Since MD5 and SHA1 are known as hash functions, these types of collisions were expected. 

What will we discuss in this article?

Most applications that utilize password storage and user rights, it's important to alter the passwords for encryption purposes.  In most cases, any medium encryption is more than enough.  In this article, we'll examine how to implement MD5 in our applications and specific means of salting the keys to add additional security.


View Entire Article

User Comments

Title: encrytion   
Name: chee
Date: 2010-02-12 2:05:07 AM
Comment:
i recommend that you should use this encryption. because it is more convenient to use and it can lessen our work in encrypting password...
Title: Encryption   
Name: Meeraj
Date: 2009-03-29 8:55:10 PM
Comment:
Hi is MD5 the best option for encrpting passwords for an finance based system. What is the best possible encrption technique?
Title: testing with the MD5 code today   
Name: abhishek
Date: 2008-05-23 2:43:56 AM
Comment:
I will test the code available in this article.. let's see how it goes. Thanks.
Title: thanks   
Name: Karen
Date: 2008-01-24 12:57:58 AM
Comment:
it's my first time here....thanks...haha

this is really great...
Title: Euclidean Theory in 3.a and 3.b   
Name: Karen
Date: 2008-01-24 12:52:36 AM
Comment:
hi..it's me again Karen.. i have so many questions to ask...
What is the Application of the Euclidean Theory in 3.a and 3.b??thanx...THIS WEBSITE IS GREAT...
Title: How about the Application of Pigeonhole in Encryption?   
Name: Karen
Date: 2008-01-24 12:46:17 AM
Comment:
Tn..How about the Appliation of Pigeonhole in Encryption and Decryption?
Title: What is an example of MD5-Complex Encryption Algorithm?   
Name: Karen
Date: 2008-01-24 12:39:12 AM
Comment:
I'm a student in one of the colleges in Philippines. I just want to ask if what is MD5? And an example of Complex Encryption Algorithm?This is our project, and honestly speaking I don't have the idea about this..
tHanx..i need ur answer..thanks again
Title: Even number length only?   
Name: Jeff
Date: 2007-04-09 3:24:58 PM
Comment:
I had no problem getting this to work, great example.

The only issue that I seem to be running into is the method "MD5SaltedHashEncryption" will only encrypt a string with an even length.

Great example, thank you for sharing this.
Title: Suggestion   
Name: prakash sawant
Date: 2006-10-16 7:25:25 AM
Comment:
Only encryption method is provided by u.
But decryption method also needed
so plz. do needful in another article
Title: Encryption   
Name: Anil Dhawale
Date: 2006-09-01 8:13:12 AM
Comment:
I am writing the prog which takes input as UserName , Password and 128 bit chalan no by taking thease input then
so how i will form encryption and
How it will be done .
Title: Mulit Lingual Character Sets   
Name: Diane Wilson
Date: 2006-08-09 5:50:28 AM
Comment:
We currently use MF5 to encrypt our personal identification information eg Address info, Names etc

However, our business is now starting to use multi lingual characters set (2 bytes per character) and unfortunately my testing MF5 with a unicode field which contains non ascii values (eg greek letters)has not been sucessful. Are you aware of any workaround, other than a translation routine up front.

Many thanks

Di
Title: Great Work   
Name: chakris
Date: 2006-06-27 5:55:16 AM
Comment:
Hi Kay,
U hav posted nice blog.I have a question like how can i decrypt the password? do i need to use SHA1 algorthim explicitly for decrypting ? Any solutions or suggestions will be appritiated.. well in advance
Title: NICE ARTICLE!!!!!!!!!!   
Name: BJ
Date: 2006-04-02 4:40:43 AM
Comment:
this article is great!

btw, my friendd and i have just set up a website.
called md5Encryption, it can encrypt and decrypt md5.
welcome to visit! =D
http://www.md5encryption.com/
Title: One of the best article on md5   
Name: Danish
Date: 2006-02-08 7:34:18 AM
Comment:
I am writting program that take hash (salted md5 hash) from user and apply brute force so i have to form a hash from words, e,g
password=2005
and its hash
hash=$1$UHgk$5XmcGTZshB3r7IP5gWP8I1 (Cisco IOS md5 hash)
only john the ripper software can form hashes from words,
so how i will form hash
How it will be done .
Title: Consultant   
Name: Jim S.
Date: 2006-01-15 7:19:40 PM
Comment:
Thanks for passing the salt! I'm catering to some gourmets who are going to eat this stuff up!
:-)
Thanks again for sharing!
Title: Decrypt!!   
Name: asif
Date: 2005-09-06 7:14:33 AM
Comment:
It would much helpful if there was any way to derypt the data to original form(input). Can You Work it out
Title: Thanks Justin   
Name: Kay Lee
Date: 2004-09-26 3:12:46 PM
Comment:
Thanks Justin,

I tried to be as thorough as possible. If anyone's confused, I'll be more than happy to explain further, and there's a lot of qualified readers too.

btw, my blogs aren't what you'd consider technical reading. :)

Again, thanks man.
Kay
Title: Great all in one article   
Name: Justin Lovell
Date: 2004-09-26 9:48:24 AM
Comment:
Cheers Kay,

I think you have an excellent article that combines quite a few blogs together. Normally, with the blogs, the article only develops when the comments/questions are asked -- on the other hand, you have developed from the start to the finish.

Nice job!

-- Justin






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-10-14 8:46:50 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search