Its a formula - a way to take a message of an arbitrary length, and create a 128-bit "fingerprint" or "message digest" of the message. MD5 is a way to verify data integrity. On these forums, it comes up fairly often in discussions about storing user passwords and other sensitive data.
No. It is simply a one-way fingerprint of the message. It doesn't include the original message, and you can't (generally) use the fingerprint (the md5sum) to 'figure out' the original message.
Okay, so you take a message - like a password - and generate an MD5sum from it.. Can't you brute-force that?
Like any password system, you could attempt to brute force the answer. However, MD5sum's are in a 128-bit space, meaning that to brute force it would take 2^128 attempts - thats over 3 with 38 zeroes after it.
Neat! Thats a lot. Are there any flaws in the algorithm that could speed it up?
A birthday attack is based on the theory that there *might* be *one* md5sum that matches multiple inputs. In theory, it is possible that a "birthday" attack could be possible - two md5sum hashes could be the same. But even then, the total number of brute forces is at 2^64 attempts - still a heck of a lot.
Okay. But couldn't (insert super-sneaky government agency here) build an md5 dictionary, and know what the password was with the md5?
Yes. Its entirely possible. However - it would take some work to do so. For example, just for a dictionary consisting of Alphabet letters (upper and lower), and numbers, there would be 46,656,000,000 entries - all at 32 characters each. Thats over 1 terabyte of data to store and search! It could be done - absolutely. But is it likely?
So its hard to brute force, what about dictionary attacks?
Dictionary attacks are a way of attacking poor passwords - most people use words in their passwords. If you can guess the word - for example, "love", then you can cut down the number of tries it would take. Of course if you guess right, then your # of attacks = 1. However, in general, using common computers as of the writing of this (2005), you can generally get roughly 5 million attacks per second, or fast enough to guess all 8-character Alphanumericals within 497 days.
A similar method is SHA1 - a more secure 160-bit hashing algorithm. That makes it *much* more secure against brute-force, birthday attacks, and other forms of assault. There are yet more hashing algorithms that are even stronger - but MD5 and SHA1 are both natively supported in the latest PHP, and should be sufficient for most projects.
Allright - I'm sold. Tell me how to use it to store passwords and check them
There are three things we are protecting against - the stored passwords, the transmission of the passwords, and the replay of the password. Each is very different. Lets start with the stored password. We need to take a password, and store it in a variable. Then we need to check that variable against what the user entered:
MD5 is a very useful means to protect user's passwords online - if used correctly. Its not encryption, but it does help prevent whole databases of passwords being compromised.