Computes a digest from a string using MD5. Learn more about MD5 in the MD5 explained section of this page.
I use Bouncy Castle for the implementation.
What is MD5?
MD5 is a message-digest algorithm. It's used to compute a hash value in cryptography. So what's an hash function then? Simply put, a hash function takes a block of data and returns a fixed-size bit string (hash value). The data used by hash functions is referred to as a "message", while the computed hash value is referred to as the "message digest".
When to use MD5?
MD5, like other hash functions, is used in digital signatures, message authentication codes, to index data in hash tables, for finger-printing, to detect duplicate data, uniquely identify files, and as checksums to detect accidental data corruption.
How big is a MD5 hash value?
MD5 produces a 128-bit (16-byte) hash value. It's usually represented as a hexadecimal number of 32 digits.
How can I decrypt MD5?
You can't! MD5 is NOT an encryption algorithm! A lot of people are under the impression that MD5 encrypts data. It does no such thing. All it does is compute a hash value for a given set of data.
How do I reverse MD5?
You can't! MD5 is NOT reversible. Hash functions are used as one-way methods. They take the data (messages) and compute hash values (digests).
The inverse can't be done.
To better explain why a MD5 is NOT reversible, here's very simple example:
Using MD5 on text data of 750,000 characters, we obtain a mere 32 digits digest. Now if I wanted to revert this, how could I possibly determine with exactitude which 750,000 characters were used from just 32 digits?!? This would be the BEST compression algorithm in the world :P
What about possible collisions?
To get a collision, on average, you'll need to hash about 6 billion files per second for 100 years. Read about the Birthday Paradox to know more.
What are rainbow tables and why should I care?
Rainbow tables are reverse-hash lookup tables. Because MD5 computes the same hash value for a given message, it's fairly easy to use brute force to lookup a value. For example, one could precompute the digest of all 8 characters alpha-numeric combinations and they could then scan a password table to see which password corresponds to which digest. This is one of the reason why you should use a salt to compute your password digest.
People say MD5 is not secure, is that true?
MD5 was proven to be non-collision resistant. BUT it really depends on where and how you use it.
If you intend to use MD5 as a simple checksum algorithm or for a unique constraint on a database table, it'll work perfectly. MD5 is compact (only 32 digits!), therefore inexpensive on storage, and is also crazy fast to compute. Just avoid using MD5 for password digests or other HIGHLY critical security systems. There are LOTS of security guideline on the web to help you out. If you are unsure about using MD5, you can try SHA-256 instead.