Message Digest 5, or MD5, was created by Ronald Rivest in 1991 to replace his previous version, MD4, which was deemed insecure after the results of cryptanalytic work by Bert den Boer and Antoon Bosselaers showed MD4 weaknesses. Interestingly enough, MD4 is the algorithm behind the computation of NT-hash password digests on Microsoft Windows NT, XP and Vista.

MD5 is a cryptographic hash function that takes an arbitrary block of data and returns a bit string of a fixed size commonly called the hash value or the message digest. Think of a hash like a digital fingerprint. MD5 produces a 128-bit message digest that is represented in 32-bit hexadecimal format. The basic operation of a hash function takes a message (input data) and encodes it using a series of rounds where algorithms modify the data to produce a hash value (bit string).

Recent MD5 flaws have been disclosed and as a result of these disclosures, US-CERT has stated that MD5 “should be considered cryptographically broken and unsuitable for further use”. As a result of these flaws, U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010. Another interesting side note: the U.S. National Institute of Standards and Technology (NIST) held an open competition to find a new hash function capable of replacing SHA-2. This new hash function will be called SHA-3 and is expected to become a Federal Information Processing Standard (FIPS) sometime around 2012.

Continue reading..