Why you should give up, or at least reduce, your use of MD5

Source: Internet
Author: User
Tags: md5, md5 hash, advantage

MD5 is a commonly used one-way hash function. It is widely used for the following purposes:

Checking that two copies of data are the same. Hash the data on both sides and compare the digests; if they match, no further byte-by-byte comparison is done. This relies on collision resistance: two different inputs should produce the same hash only with negligible probability. Quite a few data services, especially web services, use this approach to detect duplicate data and avoid duplicate uploads.

Storing user passwords. The hash of the password, rather than the password itself, is stored in the database and compared at login. This relies on the one-way (preimage-resistance) property: the password cannot be recovered from the stored hash.

Verifying the integrity of data. The data and its hash are transmitted together so the receiver can tell whether the data was corrupted or altered in transit. This relies on the difficulty of finding a second input whose hash matches that of the original.

Below we explain why MD5 is unsuitable for each of these three uses.

The first use is the most alarming. The core problem is that MD5 collisions are no longer theoretical: a great many pairs of distinct inputs with the same MD5 hash have been found in practice. For example, the MD5 hashes of the following two blocks of data are identical.

Data 1:

4d C9 FF 0e E3 5c D4 7b 72 15 87
D3 6f A7 B2 1b DC B7 4a 3d C0 3e 7b 95 18
AF BF A2 A8 4b F3 6e 8e 4b B3 5f 42 75
D8 6d A0 d1555d FB 5f modified FE A2

Data 2:

4d C9 FF 0e E3 5c D4 7b 72 15 87
D3 6f A7 B2 1b DC B7 4a 3d C0 3e 7b 95 18
AF BF A2 A8 4b F3 6e 8e 4b B3 5f 42 75
D8 6d A0 d1d55d FB 5f modified FE A2

Both produce the same MD5 hash:

008ee33a9d58b51cfeb425b0959121c9

This means that if the server already stores data 2 and a user now uploads data 1, a duplicate check based on the MD5 hash alone concludes that data 1 is already present, and what the server holds for that user is data 2. What happens next is familiar to everyone: the user's data is gone. Collisions can also be generated on demand, so an attacker who controls both uploads can trigger this deliberately rather than waiting for chance.
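The following is an added example, not code from the original post. It demonstrates both the deduplication use described at the start of the article and the data-loss scenario just described. Because the hex listing above is not reproduced byte-exactly, it uses instead the 128-byte colliding pair published by Wang et al. (2004) as quoted in the Wikipedia article on MD5; the block assumes that transcription is correct and checks it by hashing. The two store classes, the constructed upload sequence and the SHA-256 replacement are this example's own design, not the page's.

```python
import hashlib

# Two 128-byte blocks from Wang et al. (2004), as quoted in the Wikipedia MD5 article.
# They differ in six bytes yet share one MD5 digest. Assumed transcribed correctly;
# md5_hex() below is how you confirm that rather than trusting the listing.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length blobs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


class Md5DedupStore:
    """The flawed design: an upload is 'already present' if its MD5 is present."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        key = md5_hex(data)
        # A colliding upload is treated as a duplicate and silently dropped.
        self._blobs.setdefault(key, data)
        return key

    def get(self, key: str) -> bytes:
        return self._blobs[key]


class SafeDedupStore:
    """Hardened: key on SHA-256 and still compare the bytes before declaring a duplicate."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        key = hashlib.sha256(data).hexdigest()
        existing = self._blobs.get(key)
        if existing is not None and existing != data:
            # Would be a SHA-256 collision; never silently drop or overwrite either side.
            raise RuntimeError("hash collision on dedup key; refusing to merge")
        self._blobs.setdefault(key, data)
        return key

    def get(self, key: str) -> bytes:
        return self._blobs[key]


def demo():
    """Returns (md5_store_lost_data, safe_store_kept_both) for a constructed upload sequence."""
    md5_store = Md5DedupStore()
    md5_store.put(BLOCK_B)                        # first user uploads data 2
    key_a = md5_store.put(BLOCK_A)                # second user uploads data 1: same MD5 key
    md5_lost = md5_store.get(key_a) != BLOCK_A    # second user gets data 2 back

    safe = SafeDedupStore()
    key_b2 = safe.put(BLOCK_B)
    key_a2 = safe.put(BLOCK_A)
    safe_ok = key_a2 != key_b2 and safe.get(key_a2) == BLOCK_A and safe.get(key_b2) == BLOCK_B
    return md5_lost, safe_ok


if __name__ == "__main__":
    print("MD5(A) == MD5(B):", md5_hex(BLOCK_A) == md5_hex(BLOCK_B))
    print("offsets that differ:", differing_offsets(BLOCK_A, BLOCK_B))
    print("md5 store lost data, safe store kept both:", demo())
```

The byte comparison in SafeDedupStore costs one extra read on a hash hit and turns a theoretical SHA-256 collision into a loud error instead of silent data loss. If the dedup key is exposed to users (for instance as a download handle), consider a keyed hash with a server-side secret so that nobody can predict another user's key.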

The second use is highly susceptible to rainbow-table (precomputed lookup) attacks, and in practice it is not substantially better than storing passwords in plaintext: an unsalted MD5 of a password is cheap to compute and can be looked up instantly in a precomputed table. A more detailed analysis can be found in this article.
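An added example (not from the original post) of the attack just described and of the replacement a practitioner would deploy. The wordlist, usernames and passwords are constructed; the attacker's table is a plain MD5-to-password dictionary, which is the simplest form of the precomputed lookup a rainbow table compresses with hash chains. The hardened scheme uses a random per-user salt and PBKDF2-HMAC-SHA256 from the standard library; Argon2id or scrypt are preferable where available, and the iteration count is an assumption to tune to your hardware.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for the top of a leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou", "admin"]

# Assumed work factor for PBKDF2-HMAC-SHA256; tune so one hash takes a noticeable fraction of a second.
ITERATIONS = 600_000


def legacy_store(credentials: dict) -> dict:
    """The scheme the article warns about: one unsalted MD5 per user."""
    return {user: hashlib.md5(pw.encode()).hexdigest() for user, pw in credentials.items()}


def build_lookup_table(words) -> dict:
    """Attacker side: MD5(candidate) -> candidate, computed once and reused against every leak."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def crack_legacy(dumped: dict, table: dict) -> dict:
    """Every user whose stored hash is in the table is recovered with a single dictionary lookup."""
    return {user: table[h] for user, h in dumped.items() if h in table}


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Hardened side: fresh 16-byte random salt plus a slow, salted KDF."""
    if not salt:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def hardened_store(credentials: dict) -> dict:
    return {user: hash_password(pw) for user, pw in credentials.items()}


def crack_hardened(dumped: dict, table: dict) -> dict:
    """The precomputed table finds nothing: each digest depends on a salt the table never saw."""
    return {user: table[d.hex()] for user, (salt, d) in dumped.items() if d.hex() in table}


def demo():
    """Returns (cracked_legacy, cracked_hardened, login_ok, wrong_password_ok) on constructed data."""
    creds = {"alice": "password", "bob": "123456", "carol": "Tr0ub4dor&3"}
    table = build_lookup_table(WORDLIST)
    cracked = crack_legacy(legacy_store(creds), table)
    hardened = hardened_store(creds)
    salt, digest = hardened["alice"]
    return (cracked, crack_hardened(hardened, table),
            verify_password("password", salt, digest), verify_password("Password", salt, digest))


if __name__ == "__main__":
    print(demo())
```

The salt does not need to be secret; it only has to be unique per user so that a table built for one leak, or for one user, is worthless for any other. The slow KDF is what makes even a per-user dictionary attack expensive.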

The third use typically mixes a secret into the hashed data, that is, the tag is computed as MD5(secret key + data). This is not a sound way to validate integrity. MD5 is a Merkle-Damgard construction whose output is its complete internal state, so if you know MD5(secret key + x) and the length of the secret key, you can, without ever learning the secret key, resume the computation and obtain MD5(secret key + x + padding + y) for any y of your choosing. This is a length-extension attack: the receiver recomputes the tag over the extended message, finds that it matches, and still believes the data is authentic. The fix is an HMAC (preferably HMAC-SHA256) rather than a bare hash over the secret and the data.
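An added example, not code from the original post, that carries out the length-extension attack described above against MD5(secret key + data) and shows that the same trick fails against HMAC-MD5. It contains a small pure-Python MD5 (per RFC 1321) so the chaining state can be resumed from a digest; the server secret, message and appended field are constructed, and the attacker is assumed to know the secret's length (in practice you try each plausible length in turn).

```python
import hashlib
import hmac
import math
import struct

# MD5 internals (RFC 1321), written out so the chaining state can be resumed.
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]
_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
_MASK = 0xFFFFFFFF


def _rotl(x: int, c: int) -> int:
    return ((x << c) | (x >> (32 - c))) & _MASK


def md5_padding(msg_len: int) -> bytes:
    """Bytes MD5 appends to a msg_len-byte message: 0x80, zeros up to 56 mod 64, 64-bit LE bit length."""
    return b"\x80" + b"\x00" * ((55 - msg_len) % 64) + struct.pack("<Q", (msg_len * 8) & 0xFFFFFFFFFFFFFFFF)


def _compress(state, block: bytes):
    m = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + _K[i] + m[g]) & _MASK
        a, d, c = d, c, b
        b = (b + _rotl(f, _S[i])) & _MASK
    return tuple((x + y) & _MASK for x, y in zip(state, (a, b, c, d)))


def md5_resume(state, tail: bytes, total_len: int) -> bytes:
    """Finish MD5 from a chaining state, treating tail as the unprocessed end of a total_len-byte message."""
    data = tail + md5_padding(total_len)
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def md5_pure(msg: bytes) -> bytes:
    return md5_resume(_INIT, msg, len(msg))


def length_extend(tag: bytes, known_len: int, extra: bytes):
    """Given tag = MD5(secret || data) and known_len = len(secret || data), forge the tag of
    secret || data || glue || extra without the secret. Returns (glue + extra, forged_tag)."""
    glue = md5_padding(known_len)              # the padding the original computation absorbed
    state = struct.unpack("<4I", tag)          # the digest *is* the chaining state after that block
    forged = md5_resume(state, extra, known_len + len(glue) + len(extra))
    return glue + extra, forged


def demo():
    """Returns (bare_md5_accepts_forgery, hmac_accepts_forgery) on constructed data."""
    secret = b"s3cr3t-server-key"              # constructed; never seen by the attacker
    data = b"user=alice&role=user"
    tag = hashlib.md5(secret + data).digest()  # the article's MD5(secret key + data)

    # Attacker knows data, tag and len(secret); appends a field and forges the matching tag.
    suffix, forged_tag = length_extend(tag, len(secret) + len(data), b"&role=admin")
    forged_msg = data + suffix
    bare_ok = hashlib.md5(secret + forged_msg).digest() == forged_tag

    # HMAC re-hashes the inner digest under the key, so its output is not a resumable state.
    hmac_tag = hmac.new(secret, data, hashlib.md5).digest()
    _, forged_hmac = length_extend(hmac_tag, len(secret) + len(data), b"&role=admin")
    hmac_ok = hmac.compare_digest(hmac.new(secret, forged_msg, hashlib.md5).digest(), forged_hmac)
    return bare_ok, hmac_ok


def self_check(msg: bytes) -> bool:
    """The pure-Python MD5 agrees with hashlib; use it on 55-, 56- and 64-byte inputs to cover padding edges."""
    return md5_pure(msg) == hashlib.md5(msg).digest()


if __name__ == "__main__":
    print("bare MD5(secret+data) forged, HMAC forged:", demo())
```

The forged message carries the glue padding (a 0x80 byte, zeros and an 8-byte length) between the original data and the appended field, so the attack only bites where the receiver tolerates those bytes; query-string and cookie parsers that take the last duplicate key usually do. Note that the weakness is structural and applies equally to SHA-1 and SHA-256 used as MD5(secret + data); HMAC fixes it regardless of which hash you choose.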

Source: http://www.oschina.net/news/33225/use-less-md5
