Questions tagged [md5]

a cryptographic hash function with a 128-bit (16-byte) output, now deprecated

MD5 is a cryptographic hash function. It was the de facto standard cryptographic hash in the 1990s but is now deprecated because vulnerabilities have been discovered.

An MD5 checksum consists of 128 bits (16 bytes) which are often presented as 32 hexadecimal digits.

MD5's collision resistance is broken: it is possible to find two strings with the same MD5 checksum (there can be some additional requirements on the strings, for example a common prefix). For applications that only rely on other properties such as preimage resistance (the impossibility of finding a string given its MD5 checksum, except by brute force), the attacks are only theoretical.

Applications that require a cryptographic hash should use SHA-2 instead. SHA-2 produces a 256-bit (32-byte) checksum (there are other, less common sizes), not 128-bit, so applications with a fixed-size field must be updated. SHA-1 is also a viable alternative; although SHA-2 is meant to replace SHA-1, there are currently no practical vulnerabilities in SHA-1 that SHA-2 solves.

Neither MD5 nor SHA-1 nor SHA-2 is suitable for password hashing. Use PBKDF2, bcrypt or scrypt. Read "How to securely hash passwords?" for more information.

254 questions
7 votes, 1 answer

Is it possible to force a file to generate a specific MD5 signature?

Sometimes MD5 is used to validate that a downloaded file is really valid. So I want to know if it is possible for a hacker to modify a file and introduce some malicious code AND make that file generate the original MD5. Example Original program MD5:…
IAmJulianAcosta
6 votes, 1 answer

How fast can an MD5 collision be found

If I have a salt of 16bytes and 16bytes of data, how fast can one find another 16bytes of data so that MD5(salt + data) == MD5(salt + other data)? I don't expect an answer accurate to the nanosecond, just an estimation like "a few seconds", "a few…
2 votes, 2 answers

Is md5(time . rand) secure enough as session ID?

I'm working on a small game website and don't expect too much traffic. Would md5(time . rand) suffice to have a "random enough" identifier for a game? (Or is it easy to get a clash that way?)
SandTh
2 votes, 1 answer

Is MD5 ok to use if salted?

This post: http://www.gaiaonline.com/journal/?mode=view&post_id=19734573&u=8357925 said that salted MD5 is ok but regular MD5 would not be ok. I am a bit confused about this and would appreciate a response.
John Doe
2 votes, 2 answers

Do you need to check the entire md5 hash value

Is there any likelihood that two different versions of the same file will produce the same characters at the start of the hash and at the end of the hash (say, the first/last five characters) - is it really only necessary to check those characters? …
B5A7
1 vote, 2 answers

injected code decode

Recently I saw a domain of mine was hacked and the hacker has injected his code in some encryption format as below.
Prakash
1 vote, 2 answers

IPv4 Rainbow Table

A friend challenged me to find out the IP from the new web server he uses. Is there a rainbow table or something similar with all possible addresses or are 4 billion numbers too much for a normal consumer PC? Is there another way to find out the…
Tim
1 vote, 2 answers

How can one find a string whose MD5 hash has a specific prefix?

I've heard that there is a string that contains only the letters a to z whose MD5 hash begins with the hexadecimal prefix 314159265358 and the rest can be arbitrary. How can one find such a string and how long would the search take on a normal…
pi_layman
0 votes, 3 answers

Is downloading a linux ISO from an HTTP site and running it in VirtualBox very risky?

Recently, after doing a fresh install of my Mac's OS, I downloaded VirtualBox and, from an HTTP site, a linux ISO. The ISO had only an MD5 checksum for verification. The hashes matched. So I ran the ISO in VirtualBox multiple times, briefly. Then I…
Lijishe
0 votes, 0 answers

Break MD5 with partial control of hashed value

During a pentest some time ago, I came across an interesting functionality, and upon research, it appeared that I had partial control over the starting value in an MD5 hash. With some more digging, the final hash was a result of…
JZ T
0 votes, 1 answer

Why do file hosting sites never ban files using MD5 hash?

We have beautiful technology called MD5 Hash for banning files, then why do file hosting sites never implement this thing on DMCA files?
-4 votes, 1 answer

What is wrong with those calculations md5 gpubruteforcing

I read an article by a stackexchange founder: http://www.codinghorror.com/blog/2012/04/speed-hashing.html It talks about: " two ATI Radeon 7970 cards generating nearly 16000 M c/s with MD5." " the full range of a common US keyboard – that is,…
user129789