What is MD5?

MD5, which is short for Message-Digest algorithm 5, is a cryptographic hash function that produces hash values 16 bytes (128 bits) in length.

MD5 is specified in RFC 1321 and has been used widely in many different security applications; one of its most common uses has been in digital certificates, also widely known as SSL certificates.

Another common use of MD5 is checking the integrity of files. The MD5 function is used mainly as a hash function.

This means that once the data has been processed, a 128-bit value is generated, and this value is not reversible. So effectively, given a 128-bit hash value, it is impossible to reconstruct the original data by reversing the hashing algorithm.

MD5 is the successor of MD4 and was designed by Ron Rivest in 1991. MD5 produces a fixed 128-bit output for an input of any length. The algorithm processes the message in 512-bit blocks, so the message is padded with extra bits when its length is not a multiple of 512 bits.

Inside the algorithm the data is handled as 32-bit words, and the actual processing takes place on four 32-bit words of state that are updated by each 512-bit block.

The MD5 algorithm has been broken on five occasions. The first attacks on the algorithm were published in 2004, followed by further attacks in 2005, 2006, 2007 and finally 2009.

Each successive attack showed MD5 to be weaker than previously thought. Eventually it was announced that MD5 cannot be considered secure for sensitive applications such as SSL certificates or digital signatures.

MD5 has been widely used for assuring the integrity of files. MD5 has also been used for storing passwords: a 128-bit hash value of the input password is created and that hash is stored instead of the password. As the hash value is irreversible, the password cannot be obtained in clear text by reversing the algorithm.

Due to the weaknesses recently found in MD5, a more secure alternative, the SHA-2 algorithm, is being promoted in its place.