MD5 (Message-Digest Algorithm 5) is a message digest algorithm (and cryptographic hash function) with a 128-bit hash value. MD5 is one of a series of message digest algorithms designed by professor Ronald Rivest of MIT. It is an improvement upon its predecessor, MD4, made in response to some analytic work indicating that MD4 was likely to be insecure. MD4 was subsequently shown to be cryptographically insecure. MD5 has been widely used, and was originally thought to be cryptographically secure. However, work in Europe in 1994 uncovered weaknesses which make further use of MD5 questionable. Specifically, it has been shown that special pairs of messages can be generated which have the same hash. Unlike MD4, it is still thought to be very difficult to produce a message with a given hash.

A sample MD5 checksum in ASCII form looks like this (uses characters 0-9, a-f):

34048ce4cd069b624f6e021ba63ecde5

d41d8cd98f00b204e9800998ecf8427e

MD5 checksums are widely used in the free software world to provide assurance that a downloaded file is unaltered. By verifying a published MD5 sum's PGP signature, and then comparing a publicized MD5 sum with the checksum of a downloaded file, a user can be sure that the file is the same as that offered by the developers. This protects against trojan horses and computer viruses.

To check the integrity of a downloaded file (i.e. an ISO image), download the MD5SUM file in same folder as the file you want to verify and use an MD5 utility to compare the MD5 sum of the file to the one you got off a trusted source. On Unix and Linux systems, the md5sum command is an example of such a utility.

See also: SHA-1, RIPEMD-160, Topics in cryptography

External links