Published by Georgiana Payne. Modified over 9 years ago.
1
MD5 ALGORITHM past and present
2
History
- Initial checking of integrity – checksums, then CRC
- These are only good at detecting lost information due to hardware or transmission errors
3
History
- The checksum has no real protection of data integrity
- Easily circumvented or reverse-engineered
4
Potential Attack
- A wants to obtain privileges from B
- A generates two messages with the same hash values
- A presents an innocent message to B for his digital signature
- A applies the signature to the other malicious message with the same hash
5
Cryptography
- The solution lay in one-way hashing algorithms
- These should keep two messages from colliding (having the same hash)
- They should also be sufficiently difficult to reverse-engineer
6
Cryptography
- MD5 represents the fifth iteration designed by Ronald Rivest (RSA)
- Others from other authors include Whirlpool and SHA
- MD5 is open-source and released under the GPL
- MD5 is optimized for use on 32-bit computers
7
MD5 Hashing
MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6
MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b
MD5("") = d41d8cd98f00b204e9800998ecf8427e
8
Modern Flaws
- MD5 uses a short 128-bit hash
- MD5 has become a popular hashing tool through PHP
- PASSWORD HASHING
- Rivest says his algorithm was never designed for this usage
- Long messages that need an integrity check before encryption
9
MD5 Flaws
- Rainbow tables for passwords
- COLLISIONS!
10
MD5 Collisions
- In 2004, Wang et al. delivered an algorithm that could produce collisions in a few hours on an IBM p690 cluster
- The algorithm was improved by Lenstra et al. in 2005 to a few hours on a single laptop
11
Final thoughts
- A digest algorithm does not provide integrity if collisions are so simple to produce
- SHA or Whirlpool should be considered until a replacement for MD5 can be found