Talk:MD5

From Wikipedia, the free encyclopedia

This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.

It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.

To-do list for MD5:	edit · history · watch · refresh
Summarise results of Berson Complete the (non-pseudocode) description of the MD5 algorithm Add information about the md5 collisions http://cryptography.hyperlink.cz/MD5_collisions.html Add information about md5x one step to double md5 hashes
Priority 3

Contents 1 Another online hashing tool 2 Byte-ordering of test hashes 3 License 4 RSA's MD5 disclaimer 5 Sfv format article 6 Input 7 Round nonsense 8 What an effort - Unrealistic 9 Diagram 10 Implementations section 11 Disputed 12 Link to IBM p690 is broken 13 Move Down Photo 14 Example? 15 Pseudocode 16 key strengthening, wtf!? 17 MD5 with SHA-1? 18 Infinite collisions 19 Colliding executable files. 20 Pseudocode wrong? 21 Pseudocode Exponents 22 One steop decryption 23 Example hashes 24 External Links change today 25 Link to useful app 26 Odds to get the same hash for different messages ? 27 md5compress / pseudocollision 28 External Link Suggestion 29 Pseudocode for k-table is dubious 30 The "google cracked MD5" comment 31 Code examples at Wikia:Code 32 Broken footnote link

[edit] Another online hashing tool

I don't know if it's ok to add this too to the external links:

[1]

May be interesting: among the other links there's one specific for MD5 hash. This is generic and, moreover, allows to upload files to be hashed online. —Preceding unsigned comment added by 87.17.86.109 (talk) 20:37, 12 January 2008 (UTC)

[edit] Byte-ordering of test hashes

I implemented the pseudo-code into Delphi and tested the empty string result - my output was correct, but the byte-ordering was reversed. For the sake of program simplicity, I split the hash into four DWORDs.

Wikipedia's result:

d41d8cd9 8f00b204 e9800998 ecf8427e

My result:

d98c1dd4 04b2008f 980980e9 7e42f8ec

Each 32-bit block has the bytes reversed.

Can anyone confirm if the hashes on the page have big-endian 32-bit blocks or if I need to make changes to my own implementation? (Note: the test program was run on Windows XP, which is naturally little-endian, and no changes were made to byte ordering after the algorithm)

WhiteCrane 23:57, 13 April 2007 (UTC)

I tried implementing it and had the same results as you, with the bytes reversed:

d98c1dd4 04b2008f 980980e9 7e42f8ec

(Using Windows 98, Intel Pentium III processor, which I think is little-endian). Make what you will of this.

Seanqtx 20:44, 12 May 2007 (UTC)

Use byte arrays then. -- intgr 10:26, 13 May 2007 (UTC)

The empty MD5 array is d41d8cd98f00b204e9800998ecf8427e, as appears on RFC 1321. --Platonides (talk) 22:28, 25 November 2007 (UTC)

[edit] License

What kind of licence is MD5 under? Can it be used in properterial software?

I don't believe MD5 is patented, so you wouldn't need a license to use it. You might need a license to use Rivest's source code (in the RFC), though, since it's copyrighted. Some pieces of proprietary software (such as mIRC) use various prewritten libraries to perform MD5 hashing, so you might be able to use one of those libraries. -- Olathe November 17, 2003

"md5-announcement.txt" is the announcement from RSA Data Security that MD5 is being placed in the public domain for free general use. Anyone may write a program implementing the MD5 algorithm for any purpose.

RSA has written a reference implementation which is the source code in this directory. This source code is copyrighted by RSA. Here are the few copyright restrictions *with using this source code*. There is no restriction on any code which implements MD5 that you write yourself.

[edit] RSA's MD5 disclaimer

Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.

License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this documentation and/or software.

[edit] Sfv format article

Hello, can someone help clean up Sfv checksum format article, as well as perhaps have a list of checksum formats as well? crc32 is a format, which sfv uses, there must be others. --ShaunMacPherson 04:33, 14 Apr 2004 (UTC)

[edit] Input

We need to reword this better:

Wikipedia --> 20ee8f504f73e6894f328d1194280bcb

WIKIPEDIA --> b2f4895c3df311be0e3b07edc0974534

Firstly, we should probably avoid self-references, so we might be better off changing Wikipedia to something else; secondly, we need to be explicit in how "Wikipedia" is interpreted into the input bitstring used by MD5. Is this string represented as ASCII? — Matt

• Feel free to have at it. I'll tell you what I was trying to do. I'd like to show somehow to the casual reader that hashes carry no easily observable characteristics of the inputs, so that something like ABC and ABCD or ABD will likely have dissimilar looking hashes. Probably belongs in cryptographic hash function or something like that, but might be a nice exercise here. Or if not, we can scrap it entirely :) Jewbacca 22:32, Aug 18, 2004 (UTC)

P.S. Found this in cryptographic hash function which expresses it well:

"Broadly speaking, the security properties are required to ensure that the digest is 'random' to prospective attackers, and does not leak any information about the message itself, and that other messages cannot be found that produce the same digest. Any change to the message, even a single bit, should result in a dramatically different message digest when re-generated from the received message."

Jewbacca 22:35, Aug 18, 2004 (UTC)

[edit] Round nonsense

Has anyone ever noticed that the concept of breaking X rounds out of a particular hash function's total is a little silly? For example, if you make a hash function out of just one group of 16 rounds in MD5, a chosen-hash attack can be done with Windows Calculator. The concept of "round" really ought to be taken to mean the number of times each input bit is reused. It is the simultaneous congruences that gives hash functions their security, and how you make those is by using each input bit more than once. -- Myria 07:21, 19 Oct 2004 (UTC)

What? --Ihope127 21:05, 11 July 2005 (UTC)

[edit] What an effort - Unrealistic

I understand that people are busy cracking these algorithms but to me, the effort required is just impossible and unrealistic. You really have to work hard perhaps for the rest of your life to get anything meaningful and by the way there is no system that is fool proof!

Simba

Hey Simba; what makes you think that the people that are busy cracking these algorithms are the ones writing encyclopedia articles, or that they will read this talk page? I suggest you duplicate your comments on sci.crypt for a better interaction with your target audience. — Matt 12:17, 19 Oct 2004 (UTC)

Does this mean that is possible to get the reverse of an MD5 hash within minutes now?

What do you mean by a reverse? mic 01:33, 29 May 2006 (UTC)

Sorry, I meant a collsion. Basically if I gave you an MD5 hash, could you tell me a collsion for it?

That's not a collision. A collision is where you create two texts which have the same hash - this has been done for MD5 many times and can be done within minutes. You're talking about a preimage, or a second preimage; no practical algorithm is currently known for this, except for generic algorithms based in guessing the original string.

As Matt Crypto says, sci.crypt is a better place for these questions; this page is for discussion of the article, not for discussion of MD5. — ciphergoth 07:26, 10 June 2006 (UTC)

[edit] Diagram

The picture does not correspond with the description of the algorithm:

to b the long expression is assigned to; in the algorithm this is a.

You're right... I fixed it. Sorry about that. -- Myria 18:19, 28 Dec 2004 (UTC)

[edit] Implementations section

I'm worried about this new section becoming a spam trap; Wikipedia isn't really meant to be a link farm. If people start adding lots of things to external links, then they can be easily removed under the argument that we only select a few high-quality links. However, if they are in an "Implementations" section, then that argument is weakened; it's hard to argue that someone's VB script MD5 school project (or whatever!) is not a valid addition to such a section. My suggestion is that we keep it as before. There's likely hundreds of MD5 implementations, and we don't really want to be listing them all. — Matt Crypto 17:12, 24 October 2005 (UTC)

We cannot keep it as it was before, because some of the links have become internal and cannot be listed under external links anymore. I didn't name the section "All implementations" however, and I'm all for culling and keeping only links that really add value. Personally I think one good implementation in C++, Java and VB is enough. People shouldn't use {VB|Java}Script for crypto in any case. Shinobu 16:41, 25 October 2005 (UTC)

Just get rid of it. It's just a spamtrap that will need constant surveillance, and Wikipedia is as always not a linkfarm. Haakon 20:07, 26 March 2006 (UTC)

I think I agree with you. We did this on SHA hash functions, and it's better for it. People can't seem to resist the temptation to advertise on our hash function pages, for some reason. It's been happening for months, if not years. Ideally, we should link instead to a page that lists MD5 implementations, and indeed we do, the "Unofficial MD5 homepage". — Matt Crypto 22:39, 26 March 2006 (UTC)

If you like you can direct these people to my wiki LiteratePrograms.org where I would be happy to accept their implementations as contributions. Sometimes they just need an outlet. Deco 10:13, 10 June 2006 (UTC)

There is a case for linking to the Dyalog implementation or listing it as well as the pseudocode. Kenneth Iverson derived the APL programming language from the mathematical notation he devised for describing algorithms; describing algorithms is what the language was designed for. While an IBM Fellow he launched Expository Programming, a forerunner of Literate Programming, using APL as a descriptive and executable notation for teaching and exploring algorithms in various fields, such as X-ray crystallography. The CMN versions of the F G H and I functions in the algorithms section of this article are clearly recognisable in the APL source. 5jt (talk) 14:34, 10 April 2008 (UTC)

[edit] Disputed

"... because the current collision-finding techniques allow the preceding hash state to be specified arbitrarily, a collision can be found for any desired prefix."

This seems to be claiming that preimage attacks exist for MD5, whereas I thought only collision attacks had been demonstrated. If it's not saying that, I think it needs to be rephrased for clarity. -- Antaeus Feldspar 22:33, 16 November 2005 (UTC)

It's not saying that preimage attacks exist, but that you can specify an arbitrary prefix in your collision. I believe that's accurate, or at least if the length of the prefix is a multiple of the message block size. That is, if you have a prefix X, you can find a collision of the form X || Y₁ and X || Y ₂ such that H(X || Y₁) = H(X || Y₂) (where || means concatenation, H is the hash function). — Matt Crypto 23:01, 16 November 2005 (UTC)

I think that's called length-extension, and it is a feature of most digest functions, so they can operate on unbounded streams of data, whithout requiring unbounded memory. 193.230.245.6 13:28, 17 November 2005 (UTC)

OK, I think I see what you're saying -- it's not saying that for any prefix, you can find another prefix which collides with it (which equates to a preimage attack); rather, it's saying that you can start with any one prefix and create two colliding files which share that prefix. Can we rephrase it to make the distinction more clear? -- Antaeus Feldspar 23:05, 17 November 2005 (UTC)

MD5 is no longer safe. plz look at: MD5 Collision Generation http://www.stachliu.com.nyud.net:8090/collisions.html

Well, we're aware that MD5 is vulnerable. The problem is that many people wrongly interpret what they've heard about MD5's vulnerability. Many of the security applications which use MD5 which people think are now broken are not, because in order to exploit them, you would have to find a way to derive, for a given MD5 hash, a file which has that hash. This is called a "preimage attack"; no preimage attacks against MD5 are known. What can be done against MD5 now, which compromises some security applications, is a "collision attack"; which means being able to create two files which will have the same hash -- even though it is not (currently) possible to control which hash that will be. Therefore, while some attacks are now possible with MD5, it's an exaggeration to declare with no clarification that it is "no longer safe". -- Antaeus Feldspar 18:59, 20 November 2005 (UTC)

[edit] Link to IBM p690 is broken

I am just trying to report a broken link IBM p690. According to IBM (http://www-03.ibm.com/servers/eserver/pseries/hardware/highend/p690.html) the p690 series is no longer on the market.

[edit] Move Down Photo

uhh motion to move down that photo to the first paragraph under heading 1... at first glance, it looked like i was looking at a biography of some dude named MD5...--Htmlism 00:11, 13 February 2006 (UTC)

Agreed and done. Deco 01:09, 13 February 2006 (UTC)

[edit] Example?

I've added (or just about to) add an external link to a site that gives someone an md5 hash. that is one thing that this page is missing http://www.instantmd5.com/

Moonrat506

I removed your link. There are countless such sites online, and they don't have much value for this article. Also, instantmd5.com is your own site, and you should generally not use Wikipedia as a vehicle for promoting your own sites. Please refer to WP:EL if you want to learn more about Wikipedia's policy for external linking. Thanks. Haakon 18:57, 11 April 2006 (UTC)

Agreed: please don't add your own site. — Matt Crypto 23:24, 11 April 2006 (UTC)

Thought it would be handy. Moonrat506 14:19, 12 April 2006 (UTC)

How come the external links section currently has a link to one site that can be used to lookup MD5 hashes, whereas all the other links to similiar sites have been removed? Any particular reason for doing so?

It's useful to have a link to one, but not particularly useful to have a dozen. — Matt Crypto 05:49, 9 May 2006 (UTC)

[edit] Pseudocode

• That isn't pseudocode.

• I second that! Is it possible for someone with an understanding of the algorithm to rewrite pls?

To the above, I don't know if you're getting unexpected results or not, but at first I did. But then I noticed it said "LITTLE-ENDIAN", after converting my big-endians to little-endians, everything worked. The pseudocode is good, just be aware of endian-ness.

Pseudocode and comments both cause the above problem. Because they can't be executed, they require human interpretation, and can't be tested for correctness. Supplement the pseudocode with the executable (and tested) version in Dyalog APL, a language originally designed as a mathematical notation for describing algorithms. (See Implementations section for more on this.) 5jt (talk) 11:25, 16 April 2008 (UTC)

[edit] key strengthening, wtf!?

"Also, it is a good idea to apply the hashing function (MD5 in this case) more than once—see key strengthening. It increases the time needed to encode a password and discourages dictionary attacks."

That is stupid. double md5 makes dictionary attacks and rainbow crack easier, because it makes content have known, fixed size and limited character set. It makes input with (theoretically) infinite complexity a simple string with 2^128 known combinations.

You are mistaken. 2^128 combinations is far too many for any table lookup approach to be practical today. However, applying a hash function multiple times increases the cost of a dictionary attack proportionately and can be an effective security measure. The term you are looking for is key stretching, not key strengthening.

Of course MD5 is no longer recommended for any application, but the point stands.

Also, please sign your messages by appending ~~~~ when you write them. Thanks! — ciphergoth 08:19, 13 June 2006 (UTC)

MD5 encryption? Should it not be MD5 coding.

[edit] MD5 with SHA-1?

This article says SHA-1 is now prefered over MD5. Naively, it seems that an MD5 sum and a SHA-1 sum, together, would be stronger than either one, even if MD5 is suspect on its own. Is that right in theory? In practice? —Ben FrantzDale 15:24, 15 June 2006 (UTC)

By "together", do you mean the new hash function being the concatenation of the two sums, or function composition? — Matt Crypto 19:21, 15 June 2006 (UTC)

Yes. As in, the MD5+SHA-1 of the empty file would be

   d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709

—Ben FrantzDale 20:35, 15 June 2006 (UTC)

I have been wondering about almost the same thing - see Talk:SHA_hash_functions#Combining_SHA1_.2F_MD5 - this would be function composition. I assume that there is an answer to this question around somewhere, as it appears to not be a new idea - any ideas where?

[edit] Infinite collisions

Since there are an infinite number of inputs but only a finite number of ouputs, does that mean MD5 technically has an infinite number of colliding inputs? If not, is there a way to calculate exactly how many collisions there are? --Tim1988 ^talk 17:39, 21 August 2006 (UTC)

Yep. It must have at least one collision by the pigeonhole principle. Further, assume you have a complete finite list of any inputs that are part of at least one colliding pair. Then consider the remaining inputs not on this list, of which there are a still-infinite number. Using the pigeonhole principle, you can again prove there's another collision amongst those remaining, contradicting the assumption that the finite list is complete. Hence there must be an infinite number of colliding inputs. Of course, proving existence is easy; finding them is, or rather was, the tricky bit. — Matt Crypto 19:05, 21 August 2006 (UTC)

Thank you for the explanation :) --Tim1988 ^talk 21:42, 22 August 2006 (UTC)

[edit] Colliding executable files.

User:Superm401 added a ^{[citation needed]} tag to this text in secition "Applications": "Now that it is easy to generate MD5 collisions, though, it is possible for the person who creates the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering."

I removed the tag since it is a true statement and we already do have have a refence for it. There is a link to a detailed description of how to do it in the "External links" sections. That is the link Two colliding executable files.

If you know a little about how executables work and how the 2005 MD5 attack works and a little about hacking it is a pretty easy trick to do. Here is an explanation how to do that attack I came up with even before seing that link:

The 2005 MD5 attack works by manipulating a small number of bytes in a special fixed position near the beginning of a file. So only some bytes are changed when doing collisions with that attack. The rest of the file will keep the exact same content. So the attacker codes up a nice executable that contains a bunch of functions that does good work. But he also designs the functions so they can do evil work if called in the right order or with the right parameters. And in the special position in the executable that he will have to change to create a colliding executable he puts a constant value in the source code. That is, he stores some constant in that position. When he manipulates that position to find collisions that constant will change, but no other part of the program. Then at runtime the program can check that constant in an if-statement. If the constant is the original one the executable behaves nice. If the constant is the changed one the executable then choses to do its evil work. So the attacker first publishes the nice version of the file and people will test it and say it is nice and publish the MD5 sum of it. Later he will publish the evil version of the file instead. And that version has the same MD5 sum but does evil work instead.

There are many other ways to use the (random) change of bytes in that position. This was just one simple example.

--David Göthberg 23:53, 25 October 2006 (UTC)

[edit] Pseudocode wrong?

The pseudocode looks wrong...

I'm not an expert, but things seem off right from the beginning:

RFC1321(http://www.faqs.org/rfcs/rfc1321.html) says:

3.3 Step 3. Initialize MD Buffer

   A four-word buffer (A,B,C,D) is used to compute the message digest.
   Here each of A, B, C, D is a 32-bit register. These registers are
   initialized to the following values in hexadecimal, low-order bytes
   first):

          word A: 01 23 45 67
          word B: 89 ab cd ef
          word C: fe dc ba 98
          word D: 76 54 32 10

However, the pseudocode says the following (which looks more like the initial values for SHA):

//Initialize variables:
var int h0 := 0x67452301
var int h1 := 0xEFCDAB89
var int h2 := 0x98BADCFE
var int h3 := 0x10325476

—The preceding unsigned comment was added by 74.122.57.137 (talk) 20:02, 11 April 2007 (UTC).

What exactly is the discrepancy? As far as I can see from a cursory look, the pseudocode does exactly what the quote from the spec says. Oli Filth 20:38, 11 April 2007 (UTC)

Never mind! It's just confusing due to differences in endianness. —The preceding unsigned comment was added by 74.122.57.137 (talk) 21:09, 11 April 2007 (UTC).

[edit] Pseudocode Exponents

Can we find a better solution to represent "2 to the power of 32" in the pseudocode? (Currently represented as "2^32".) I looked at the code and couldn't figure out if it was supposed to be an exponent or an XOR operation. I had to go dig up a few external source implementations to confirm that it is "2 to the power of 32" and not "2 XOR 32".

I looked at the Wikipedia:Algorithms on Wikipedia article for guidance, but found no reference to XOR operations. Based on the way it is written, however, I assume that the two operations should be:

2 pow 32
2 xor 32

That would clarify which operation we're talking about. Does anyone mind if I change the pseudocode to match? --Jbanes 15:10, 26 April 2007 (UTC)

I'd be in favour of a change to the words "pow" and "xor" as per "mod" on Wikipedia:Algorithms on Wikipedia. Martin Hinks 16:35, 26 April 2007 (UTC)

It's done then. Hopefully the next person who comes along won't be as confused by it. :) --Jbanes 20:17, 26 April 2007 (UTC)

[edit] One steop decryption

If anyone knows the RFC for the one step decryption of the MD5 algorithm please fix it, I can't find it. I am just using the number I found from another website for now - but it is wrong Comperr 02:58, 29 April 2007 (UTC)

Yes, RFC 3876 is unrelated to MD5. I can neither find an RFC for MD5x nor any other reliable definition of MD5x. It may not be a standard at all. In any case it is better to just delete that part than promoting wrong information. 85.2.53.198 16:16, 29 April 2007 (UTC)

True - I know it exists but I can't seem to find it...looking now —The preceding unsigned comment was added by Comperr (talk • contribs) 02:51, 11 May 2007 (UTC).

[edit] Example hashes

  MD5("The quick brown fox jumps over the lazy dog") 
   = 9e107d9d372bb6826bd81d3542a419d6

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:

  MD5("The quick brown fox jumps over the lazy cog") 
   = 1055d3e698d289f2af8663725127bd4b

Surely it would be better to use "dog" and "eog"?

The ASCII character codes for "c", "d" and "e" are 99, 100, and 101, respectively, or, in binary:
99 = 1100011
100 = 1100100
101 = 1100101

Using "c" changes three bits. Using "e" only changes one. The smallest change, in terms of bits, in the message would be using "e" instead of "d".

- Seanqtx 22:43, 11 May 2007 (UTC)

[edit] External Links change today

Hi, I wanted to let everyone (esp Feezo) know that I was the one who added the External link [2] to the code comparison wiki. I know that spam is a problem, and that there is a notice not to add External links, AND that I did that anonymously. I apologize. But I think it's ok to put this link back since the site seems to be working, and it wasn't spam to begin with. Then again, I was having a problem with the site all last week and the site looks a little sparse, so maybe we should wait a while before putting it back up. What do you think? -- C-Blade 00:10, 10 July 2007 (UTC)

I agree with the removal of the link. The target page only contains stub-like info, and there's already a list of links to language-specific implementations. Oli Filth 00:42, 10 July 2007 (UTC)

By the way, I noticed that one of the references: The Status of MD5 After a Recent Attack is broken now. I couldn't find another copy of it online. C-Blade 04:07, 10 July 2007 (UTC)

[edit] Link to useful app

I just found this useful program and I think it should be linked to from this article. It is a windows app that generates a md5 hash of any given file. I am not sure if it is appropriate, so I am posting here to see if anyone else will do it for me. The address is www.way2web.net/?md5app 220.101.108.93 08:00, 17 July 2007 (UTC)

I have built a simple webpage that calculates md5 and sha1 checksums, because I was constantly referring to the web to get those. The link provided in wikiedia is broken. This is my site: www.md5generator.tk or md5generator.awardspace.com. It would be nice if you could include it on wikipedia. Thanks 190.64.107.104 (talk) 18:44, 13 February 2008 (UTC)

[edit] Odds to get the same hash for different messages ?

I could not find an authoritative source for my last addition to the article, please check it, and add a good source if you can find one. My figures come from various Usenet threads, for instance this one: [3]. Nicolas1981 16:07, 19 July 2007 (UTC)

I'm pretty sure it's 1/2¹²⁸, not 1/2⁶⁴. Therefore I'm going to remove the addition for now (as Usenet is not a reliable source). Oli Filth 17:36, 19 July 2007 (UTC)

[edit] md5compress / pseudocollision

Writing the equation md5compress(I,X)=md5compress(J,X) is meaningless if you don't tell us the role of X in this equation, or how md5compress is related to the pseudocode below. -- 62.3.242.174 14:07, 29 August 2007 (UTC)

Is it any better after this edit? -- intgr ^#%@! 08:08, 30 August 2007 (UTC)

[edit] External Link Suggestion

I have a suggestion for an external link

Simple tool to calculate MD5 of a file on MS Windows

It is a very simple free program for MS Windows that allows you to right click on a file and get the MD5 checksum.

I tried some of the other external links to get a checksum of a file but I found some the md5 tools unhelpful or hard to use. This tool is very very easy to use and install. Like I said it is free and the author has no ads on his page which is also nice.

This is my first addition to a Wikipedia discussion page. I don't fully understand how this discussion works so use the link if you want, or don't use, I don't care. I found it useful and I was trying to give something back to Wikipedia which I use all the time.

71.42.178.154 15:13, 1 October 2007 (UTC)

Another link.

Microsofts' free download utility to calulate MD5 or SHA1 checksums JBadger169 19:41, 25 October 2007 (UTC)

[edit] Pseudocode for k-table is dubious

It is correct that the constants in the k-table were derived by the function given (based on sin(i)). But that is hardly a guarantee that they can be reproduced that way, unless the behaviour of the pseudocode sin() is specified in greater detail. The k-table should be defined by the actual constants used by the MD5 reference implementation. Athulin 06:18, 23 October 2007 (UTC)

[edit] The "google cracked MD5" comment

At the end of the "Vunerability" section I changed:

Supposedly, Google has also been reported to been able to decode MD5 hash to figure out passwords.

To:

The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes.[6] This technique is rendered ineffective by the use of a salt.

The referenced article is very clear about the fact that Google just happens to have picked up on MD5 hashes in webpages (along with enough context to figure out what key had been used for that hash), not that Google has deliberately decoded them. One comment talks about generating lookup tables as webpages for Google to index, although they didn't have much luck and would be restricted to some reasonable dictionary. Another comment talked hypothetically about how Google's many servers could be used to brute-force a single hash, which is certainly not worth mentioning.

I'm not even convinced that the text I've left now is worth mentioning, since it's less useful than other methods (as that article's author pointed out). It's simply an enjoyable gimmick (one that I certainly enjoyed), and further encouragement to use salting. Quietbritishjim (talk) 16:23, 25 November 2007 (UTC)

[edit] Code examples at Wikia:Code

I wonder if it would be helpful to include a link to code.wikia.com examples in different languages. Still looks a bit sparse, but maybe by adding the link, it will be filled out more. I definitely don't think the code examples belong in the article on Wikipedia, but they're a nice reference. C-Blade (talk) 08:05, 29 December 2007 (UTC)

[edit] Broken footnote link

I think that the link in footnote1 (next to the word "insecure") in the opening portion of the article returns a "page not found" error. If others are getting the same thing then I suggest that the footnote be removed. Thanks. --Wam067 (talk) 19:42, 22 February 2008 (UTC)