Cryptography

MD5 hash - a broken classic

Easy
15 min

What is MD5?

MD5 (Message Digest Algorithm 5) is a cryptographic hash function developed by Ronald Rivest in 1991, which has been widely used for decades.

MD5 converts an input of any length into a fixed-length, 128-bit digest. It was originally intended as a cryptographic tool for checking the integrity of a file or message: in theory, two different inputs should never produce the same digest. This made MD5 an attractive choice for verifying software integrity and for storing passwords, among other things.

MD5 Vulnerabilities

Although MD5 was designed to provide a secure way to generate a unique "fingerprint" for data, serious weaknesses have been revealed over time, teaching the cybersecurity industry valuable lessons. Around the turn of the millennium, researchers began to find serious flaws in the algorithm. Two key vulnerabilities in particular came to light.

Speed

The computational efficiency of MD5, initially an advantage, turned into a vulnerability as computing power increased. Because MD5 is so fast, attackers can run efficient brute-force attacks that try enormous numbers of candidate inputs in a short time. When an attacker can test billions or even trillions of candidates per second, breaking data protected only by MD5 becomes practical and cheap.

Collisions

A collision vulnerability is a situation where two different inputs (e.g. two files or two messages) produce the same digest. This is a serious problem in cryptographic applications, because the digest is supposed to be unique to each input. In the case of MD5, mathematical flaws in the algorithm's design allow collisions to be found with relatively little computational effort.

In 2004, cryptographers Xiaoyun Wang and Hongbo Yu reported a practical method for generating MD5 collisions. Their method made it possible to create two different sets of data that produce the same MD5 hash. This was the first practical demonstration that MD5 is not secure.

Collisions - Example

Here are two images with the same MD5 hash. You can verify this by downloading the files and checking their MD5 hash!

Transitioning to Safer Alternatives

Because of these weaknesses, it is recommended to move to more secure hash functions such as SHA-256 and SHA-3. These algorithms are designed to resist the kinds of attacks found against MD5 and provide stronger security in critical applications.
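The points above (MD5's speed, verifying whether two files collide, and moving to stronger functions) can be checked in a few lines. This is an added example, not code from the course; the two inputs are constructed stand-ins for the downloaded files, and PBKDF2-SHA256 with a constructed salt is used here as a representative slow, salted password hash.

```python
import hashlib
import time

# Constructed sample inputs; they stand in for the two downloaded files.
FILE_A = b"installer-1.0.exe: constructed sample content"
FILE_B = b"installer-1.0.exe: constructed sample content (tampered)"


def digests(data: bytes) -> dict:
    """Hex digests of one input under MD5 and under SHA-256."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def classify(a: bytes, b: bytes) -> str:
    """Compare two inputs the way an integrity check should: with both digests.

    Two different inputs with the same MD5 but different SHA-256 are an MD5
    collision; an MD5 match alone is no longer proof that two files agree.
    """
    if a == b:
        return "identical"
    da, db = digests(a), digests(b)
    if da["md5"] == db["md5"]:
        return "md5-collision" if da["sha256"] != db["sha256"] else "unexpected-double-match"
    return "distinct"


def pbkdf2(password: bytes, salt: bytes = b"constructed-salt", rounds: int = 100_000) -> bytes:
    """Slow, salted password hash: the kind of function that replaces bare MD5."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds)


def hashes_per_second(fn, data: bytes = b"password", seconds: float = 0.2) -> float:
    """Rough throughput of fn on one input; shows why MD5's speed is a liability."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        fn(data)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    print("A vs B:", classify(FILE_A, FILE_B))   # distinct
    print("A vs A:", classify(FILE_A, FILE_A))   # identical
    md5_rate = hashes_per_second(lambda d: hashlib.md5(d).digest())
    slow_rate = hashes_per_second(pbkdf2)
    print(f"MD5: {md5_rate:,.0f}/s  PBKDF2-SHA256: {slow_rate:,.0f}/s  "
          f"ratio {md5_rate / slow_rate:,.0f}x")
```

Replace FILE_A and FILE_B with the bytes of the two downloaded images and classify() reports "md5-collision"; the rate comparison shows how many more guesses per second a fast hash allows an attacker.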

Exercise

You are conducting a penetration test on a client's information system and manage to break into the web application's database. You obtain the admin user's username and password hash, but now you need to crack the hash.

The password hash is: 13c3a117d0013ab22417c8edca354b76

You can use the free CrackStation service to crack passwords.

What is the password?
