I wrote previously on the MD5 hashing algorithm and how it is discouraged by PCI DSS. The PCI SSC (Security Standards Council) has now come out with a clarification on the use of MD5 for hashing.
PCI DSS requires entities to use “strong cryptography”. The definition actually points to a NIST industry standard, and NIST has been strongly encouraging federal agencies to move to the SHA-2 family of algorithms for several years now. Even the SHA-1 family of hashing algorithms has been found to have weaknesses.
However, the PCI DSS and PA-DSS do not explicitly prohibit the use of MD5, acknowledging the prevalence of MD5 as a cryptographic technology in the marketplace. According to the PCI SSC,
it may be possible to mitigate some of the risks associated with MD5 through the implementation of additional cryptographic controls or security measures. For example, the susceptibility of MD5 hashes to rainbow table lookups can potentially be mitigated through the proper use of strong, unique salts.
The key phrase here is “strong, unique salts”. I have been recommending that MD5 not be used in any new code. But what happens to all the implementations that are already out there? If the implementations already use a salt that is strong and unique (which in most implementations is not the case), they can go ahead and leave them as they are.
If they have to incorporate changes anyway to include proper salting, it might be better to consider moving to the SHA-2 family of algorithms (SHA-224, SHA-256, SHA-384 and SHA-512). These will also need to use salts, but at least you will have an algorithm that will likely not have to be changed for a few years.
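To make the “strong, unique salt” point concrete, here is an added example (my own illustration, not code from the PCI SSC or from any product) that contrasts an unsalted MD5 hash with a SHA-256 hash that prepends a fresh random salt to every record, and includes a small audit helper for checking whether stored records actually meet the strong-and-unique condition. The 16-byte salt length and the salt-then-data concatenation order are my assumptions; the PCI guidance does not prescribe either.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Assumed policy values for this example (not from the PCI DSS text):
# a 128-bit random salt per record is "strong" enough that two records
# will not collide and a precomputed table cannot cover the salt space.
SALT_BYTES = 16


def md5_unsalted(data: bytes) -> str:
    """The 'before' case: identical inputs always produce identical digests,
    so a precomputed (rainbow) table can map a digest straight back to its input."""
    return hashlib.md5(data).hexdigest()


def hash_with_salt(data: bytes, salt: Optional[bytes] = None,
                   algorithm: str = "sha256") -> Tuple[str, str]:
    """Return (salt_hex, digest_hex). A new random salt is drawn per call unless
    one is supplied (supplying it is how verification recomputes the digest)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.new(algorithm, salt + data).hexdigest()
    return salt.hex(), digest


def verify(data: bytes, salt_hex: str, expected_digest: str,
           algorithm: str = "sha256") -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_with_salt(data, bytes.fromhex(salt_hex), algorithm)
    return hmac.compare_digest(digest, expected_digest)


def audit_salts(records: List[Dict[str, str]], min_salt_bytes: int = SALT_BYTES) -> List[str]:
    """Flag records whose salt is missing, too short, or reused by another record.
    Each record is a dict with 'id' and 'salt' (hex). Returns human-readable findings."""
    findings = []
    seen: Dict[str, str] = {}
    for rec in records:
        salt = rec.get("salt", "")
        if not salt:
            findings.append(f"{rec['id']}: no salt")
            continue
        if len(bytes.fromhex(salt)) < min_salt_bytes:
            findings.append(f"{rec['id']}: salt shorter than {min_salt_bytes} bytes")
        if salt in seen:
            findings.append(f"{rec['id']}: salt reused from {seen[salt]}")
        else:
            seen[salt] = rec["id"]
    return findings


def demo() -> List[str]:
    """Build a few constructed records and audit them."""
    secret = b"constructed-sample-value"
    s1, _ = hash_with_salt(secret)
    s2, _ = hash_with_salt(secret)
    records = [
        {"id": "good-1", "salt": s1},
        {"id": "good-2", "salt": s2},
        {"id": "shared-a", "salt": "00" * SALT_BYTES},  # same fixed salt for two rows
        {"id": "shared-b", "salt": "00" * SALT_BYTES},
        {"id": "short", "salt": "0102"},                 # 2-byte salt
        {"id": "none", "salt": ""},                      # unsalted
    ]
    return audit_salts(records)


if __name__ == "__main__":
    print("unsalted MD5 is deterministic:", md5_unsalted(b"abc") == md5_unsalted(b"abc"))
    for finding in demo():
        print("audit:", finding)
```

The audit helper is the part worth keeping around: a reused or fixed salt gives back exactly the rainbow-table exposure the PCI SSC describes, even when the algorithm is SHA-2. Note also that a single salted hash is fast by design; where the input is a password rather than arbitrary data, a deliberately slow construction such as `hashlib.pbkdf2_hmac` with the same per-record salt is the usual next step, which this example does not cover.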
I just wish the PCI SSC had come out and explicitly stated that new code should not be using MD5.
For encryption, industry-tested and accepted standards and algorithms include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher).