MD5 is Broken for Security

  • 1996: Theoretical collision attacks published
  • 2004: First practical collision found (two different files → same hash)
  • 2008: Researchers created fake SSL certificate using MD5 collision
  • Today: A collision can be found in seconds on a laptop—NEVER use for passwords or signatures

The Rise and Fall of MD5

  • Created by Ron Rivest in 1991 to replace MD4 (which was even weaker)
  • MD5 = 'Message Digest Algorithm 5' — 128-bit hash (32 hex chars)
  • Was the gold standard for checksums throughout the 1990s-2000s
  • Still appears in older systems, ISO downloads, and legacy APIs

When MD5 is Still Acceptable

  • File integrity checks where security isn't critical (detecting accidental corruption)
  • Cache keys or deduplication (where collisions are annoying, not dangerous)
  • Non-security checksums (checking whether two files are likely identical)
  • Legacy system compatibility where you can't change the algorithm

What to Use Instead

  • File integrity: SHA-256 (used by Git, package managers, Bitcoin)
  • Passwords: bcrypt, scrypt, or Argon2 (intentionally slow)
  • Digital signatures: SHA-256 or SHA-3 (collision-resistant)
  • HMAC authentication: HMAC-SHA256 (keyed hashing)
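The distinction between the "still acceptable" and "use instead" lists above comes down to whether an attacker gains anything from a collision. The following Python script is an added example (not part of the original page) that uses only the standard library to show each recommended tool in its place: MD5 for a non-security cache key, SHA-256 for tamper-relevant file integrity, scrypt (one of the slow password hashes listed; bcrypt and Argon2 need third-party packages) for password storage, and HMAC-SHA256 for keyed authentication. All inputs are constructed sample values; the scrypt parameters are assumptions chosen to fit the default memory limit, not a recommendation from the page.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample input (not from any real system).
SAMPLE_FILE = b"example firmware image contents v1.0\n"

# Assumed scrypt cost parameters: 128 * n * r = 16 MiB, under hashlib's
# default 32 MiB limit. Tune upward for production hardware.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def md5_cache_key(data: bytes) -> str:
    """Non-security use (cache key / dedup). A forged collision here only
    causes a cache miss or a duplicate entry, so MD5 remains acceptable."""
    return hashlib.md5(data).hexdigest()


def sha256_checksum(data: bytes) -> str:
    """File integrity where tampering matters: SHA-256 (64 hex chars)."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Compare the digest with a constant-time comparison so timing does
    not leak how many leading characters matched."""
    return hmac.compare_digest(sha256_checksum(data), expected_hex.lower())


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Password storage: a random per-user salt plus a deliberately slow KDF.
    Returns (salt, digest); store both, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, stored_digest)


def hmac_sha256_tag(key: bytes, message: bytes) -> str:
    """Keyed authentication: only holders of `key` can produce a valid tag,
    unlike a bare hash, which anyone can recompute after altering the data."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac_tag(key: bytes, message: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_tag(key, message), tag_hex)


def digest_bits(algorithm: str) -> int:
    """Output size in bits, e.g. 128 for MD5 versus 256 for SHA-256."""
    return hashlib.new(algorithm).digest_size * 8


if __name__ == "__main__":
    print("MD5 cache key      :", md5_cache_key(SAMPLE_FILE))
    checksum = sha256_checksum(SAMPLE_FILE)
    print("SHA-256 checksum   :", checksum)
    print("tampered file ok?  :", verify_checksum(SAMPLE_FILE + b"x", checksum))
    salt, digest = hash_password("correct horse battery staple")
    print("password verifies? :", verify_password("correct horse battery staple", salt, digest))
    key = os.urandom(32)  # constructed demo key
    tag = hmac_sha256_tag(key, SAMPLE_FILE)
    print("HMAC verifies?     :", verify_hmac_tag(key, SAMPLE_FILE, tag))
    print("wrong key verifies?:", verify_hmac_tag(b"other", SAMPLE_FILE, tag))
```

Note that the integrity check alone tells you the bytes changed, not who changed them: a SHA-256 checksum published next to the download can be replaced along with the file, which is why signatures or a keyed tag (the HMAC above) are the tools for authenticity.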