The MD5 algorithm is a 128-bit hashing algorithm. This means that it calculates a 128-bit hash for an arbitrary set of data arriving at its input. This algorithm was developed by Professor Ronald Rivest of the Massachusetts Institute of Technology in 1991 to replace the less reliable predecessor – MD4. The algorithm was first published in April 1992 at RFC 1321. After that, MD5 was used to solve various tasks, from hashing passwords in CMS to creating digital signatures and SSL certificates in md5 files.

The fact that the MD5 algorithm can be hacked was first talked about in 1993. Researchers Bert den Boer and Anton Bossilaris showed that pseudocollisions are possible in the algorithm. Three years later, in 1996, Hans Dobbertin published an article in which he proved the existence of collisions and described the theoretical possibility of hacking MD5. It was not yet a hack, but the world began to talk about the need to switch to more reliable hashing algorithms, such as SHA1 (at the time of this writing, it was already proven that there are collisions in this algorithm, so I recommend using SHA2) or RIPEMD-160.

In the end, I would like to talk a little about protecting your passwords. First, do not use vulnerable hashing algorithms, such as MD5 or SHA1. At the moment, it is worth thinking about using one of the cryptographic hash functions SHA2 or SHA3 (as soon as the relevant standard is published). Second, don’t use hashing functions directly. Always try to use “salt” and combine different algorithms. And third, choose complex arbitrary passwords with a length of at least eight characters. Of course, this does not protect you from hacking by 100%, but at least complicates the life of intruders.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s