Message-Digest 5 (MD5)
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. However, it has been mathematically broken and is now considered insecure by today’s standards.
Attacks
Collision
A hash collision occurs when two distinct pieces of data share the same hash value. MD5 is vulnerable to a practical collision attack: under certain constraints on the inputs, it is possible to efficiently construct two distinct inputs \(x_1\) and \(x_2\) such that \(MD5(x_1) = MD5(x_2)\).
Here are some tools that do exactly that for us:
- fastcoll – MD5 collision generator.
- collisions – Hash collisions and exploitations.
- HashClash – MD5 & SHA-1 cryptanalysis.
Hash Length Extension
MD5, just like SHA-1, is vulnerable to the length extension attack. This attack allows a potential attacker to take a hash \(h\) for an unknown message \(m\) and append additional data to \(m\) to produce a new valid hash \(h'\) for the new message \(m' = m \parallel d\), where \(d\) is some chosen data. The attacker does not need to know \(m\) itself, only its length, because the padding that the hash function applied to \(m\) becomes part of the extended message.
All hash functions built directly on the Merkle–Damgård construction are susceptible to this kind of attack, because the final digest is exactly the internal state from which hashing can be resumed. This is why a MAC of the form \(H(k \parallel m)\) is unsafe and a keyed construction such as HMAC should be used instead.
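The following Python example, added here and not part of the original page or of any of the tools it lists, shows the attack from the defender's side: it implements MD5's compression function so that hashing can be resumed from a known digest, forges a valid tag for an extended message when the tag is computed as \(MD5(secret \parallel m)\), and then shows that the same extension fails against HMAC-MD5. The secret, message and suffix are constructed sample values; the function names (`md5_padding`, `md5_compress`, `md5_hex`, `extend_md5`, `demo`) are this example's own.

```python
import hashlib
import hmac
import math
import struct

# MD5 internals (RFC 1321): per-step rotation amounts, sine-derived constants, initial state.
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
MD5_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & 0xFFFFFFFF


def md5_padding(message_len):
    """Padding MD5 appends to a message of message_len bytes: 0x80, zeros, 64-bit LE bit length."""
    zeros = (55 - message_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", message_len * 8)


def md5_compress(state, blocks):
    """Run the MD5 compression function over blocks (a multiple of 64 bytes), starting from state."""
    a0, b0, c0, d0 = state
    for off in range(0, len(blocks), 64):
        m = struct.unpack("<16I", blocks[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + _K[i] + m[g]) & 0xFFFFFFFF
            a, d, c, b = d, c, b, (b + _rotl(f, _S[i])) & 0xFFFFFFFF
        a0 = (a0 + a) & 0xFFFFFFFF
        b0 = (b0 + b) & 0xFFFFFFFF
        c0 = (c0 + c) & 0xFFFFFFFF
        d0 = (d0 + d) & 0xFFFFFFFF
    return (a0, b0, c0, d0)


def md5_hex(message, state=MD5_IV, already_hashed_len=0):
    """Hex MD5 of message. state/already_hashed_len let the caller resume from a known digest
    (already_hashed_len must be a multiple of 64, i.e. whole blocks already absorbed)."""
    padded = message + md5_padding(already_hashed_len + len(message))
    return struct.pack("<4I", *md5_compress(state, padded)).hex()


def extend_md5(known_digest_hex, known_len, suffix):
    """Given MD5(secret || m) and len(secret || m), return (glue, forged_digest) with
    forged_digest == MD5(secret || m || glue || suffix), without knowing secret.
    The digest is the final internal state, so hashing simply resumes from it."""
    state = struct.unpack("<4I", bytes.fromhex(known_digest_hex))
    glue = md5_padding(known_len)          # padding the original hash already consumed
    forged = md5_hex(suffix, state, known_len + len(glue))
    return glue, forged


def demo():
    """Returns (naive_mac_accepts_forgery, hmac_accepts_forgery). Expected: (True, False)."""
    secret = b"constructed-secret-key"      # constructed sample; never visible to the attacker
    message = b"user=alice&role=user"       # constructed sample
    suffix = b"&role=admin"                 # constructed sample
    # Flawed MAC: tag = MD5(secret || message). Only the tag and len(secret) are assumed known.
    tag = hashlib.md5(secret + message).hexdigest()
    glue, forged_tag = extend_md5(tag, len(secret) + len(message), suffix)
    forged_message = message + glue + suffix
    naive_accepts = hashlib.md5(secret + forged_message).hexdigest() == forged_tag
    # Sound MAC: HMAC-MD5 never exposes the raw inner state, so the same extension fails.
    hmac_tag = hmac.new(secret, message, hashlib.md5).hexdigest()
    _, forged_hmac = extend_md5(hmac_tag, len(secret) + len(message), suffix)
    hmac_accepts = hmac.compare_digest(
        hmac.new(secret, forged_message, hashlib.md5).hexdigest(), forged_hmac)
    return naive_accepts, hmac_accepts


if __name__ == "__main__":
    print(demo())
```

The glue bytes in `forged_message` are the padding MD5 had already consumed when the original tag was computed, which is why the forgery works without the secret as long as the attacker knows its length. A verifier that accepts `naive_accepts == True` has no integrity protection; switching to HMAC (or to a hash whose output is not its full internal state) closes the hole.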
Resources
- Wikipedia – Explanation of the attack.
- Hash Extender – Tool to exploit the vulnerability.