The MD5 reference article from the English Wikipedia on 24-Jul-2004 (provided by Fixed Reference: snapshots of Wikipedia from wikipedia.org)

MD5

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used message digest algorithm (aka, cryptographic hash function) with a 128-bit hash value. It is not merely a checksum generator, though the term is sometimes imprecisely used. It is one of a series of message digest algorithms designed by Professor Ronald Rivest of MIT. When some analytic work indicated that MD5's predecessor, MD4, was likely to be insecure, MD5 was designed in response, in 1991. This indication was subsequently confirmed when weaknesses were found in MD4 in 1994 (Dobbertin, 1998).

MD5 has been widely used, and was originally thought to be cryptographically secure. However, work in Europe in 1994 uncovered weaknesses which make further use of MD5 questionable. Specifically, it has been shown that it is computationally feasible to generate a collision, that is, two different messages with the same hash. Unlike MD4, it is still thought to be very difficult to produce a message with a given hash. In 2004, a distributed project with the name MD5CRK was initiated to demonstrate that MD5 is insecure by finding a collision. Because of these concerns, many security researchers and practioners recommend that SHA-1 (or another high quality cryptographic hash function) be used instead of MD5.

MD5 hashes (or message digests) are commonly represented as a 32-digit hexadecimal number. A sample looks like this (using characters 0-9, a-f):

34048ce4cd069b624f6e021ba63ecde5

The MD5 hash (sometimes called md5sum, for MD5 checksum) of a zero-length string is:

d41d8cd98f00b204e9800998ecf8427e

Table of contents

1 Integrity checking 2 See also 3 References 4 External links

Integrity checking

MD5 digests are widely used in the free software world to provide assurance that a downloaded file has not been altered. By verifying a published MD5 sum's PGP signature, and then comparing a publicized MD5 sum with the checksum of a downloaded file, a user can have considerable confidence that the file is the same as that released by the developers. This protects against Trojan horsess and computer viruses being added to the software surreptitiously.

To check the integrity of a downloaded file (i.e. an ISO image), download the MD5SUM file in same folder as the file you want to verify and use an MD5 utility to compare the MD5 sum of the file to the one you got off a trusted source. On Unix and Linux systems, the md5sum command is an example of such a utility.

See also

• SHA-1
• RIPEMD-160
• Topics in cryptography
• SFV
• Cyclic redundancy check

References

• Hans Dobbertin, 1998. Cryptanalysis of MD4. J. Cryptology 11(4): 253–271

External links

• RFC 1321, The MD5 Message-Digest Algorithm
• MD5 Homepage (unofficial)
• MD5 Online Cracking
• Annotated bibliography of MD5 cryptanalysis

This is the "MD5" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.