Is it “goodbye MD5”?

MD5 is a hashing algorithm that has been in use for a long time. One of the most common uses of MD5 has been to check the integrity of files and messages. Since 1996, a steady stream of vulnerabilities has been found in this algorithm, making it less and less suitable for security applications.


But it seems that the final nails in its coffin are being put in place. At the Chaos Communication Congress in Berlin, several researchers have presented exploits in which the same hash value has been generated from two different messages. While it has been known that it is theoretically possible to generate the same hash value from two different messages, this is the first time that it has actually been demonstrated in real life.

Previously, it was thought that it would take a few years to be able to generate two such messages. But this has now been accomplished in about 3 days using a cluster of about 200 Sony PlayStation3 video game consoles. Most industry standards such as PCI-DSS have already been discouraging the use of MD5 for some time and promoting the use of stronger hashing algorithms such as SHA1. These new exploits will certainly push developers away from MD5 for all but trivial uses. At least I hope they do.
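As an added illustration (not part of the original post), the following Python code uses the publicly known MD5 collision pair published by Wang et al. in 2004 to show what "two different messages, one hash" means for an integrity check: an MD5-based check accepts the altered message, whereas the same check with SHA-256 (the SHA-2 choice a practitioner would reach for today) rejects it. The function names are my own.

```python
import hashlib

# Two distinct 128-byte messages (Wang et al., 2004) that share one MD5 digest.
# Embedded here as the demonstration input; they differ in exactly 6 bytes.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def hexdigest(data: bytes, algo: str) -> str:
    """Digest of data under the named hashlib algorithm, as hex."""
    return hashlib.new(algo, data).hexdigest()


def verify(data: bytes, expected_hex: str, algo: str) -> bool:
    """A typical integrity check: does data hash to the published digest?"""
    return hexdigest(data, algo) == expected_hex


def demo() -> dict:
    """Publish digests of MSG_A, then check the altered MSG_B against them."""
    ref_md5 = hexdigest(MSG_A, "md5")
    ref_sha256 = hexdigest(MSG_A, "sha256")
    return {
        "differs_at": differing_offsets(MSG_A, MSG_B),
        "md5_accepts_altered": verify(MSG_B, ref_md5, "md5"),        # True
        "sha256_accepts_altered": verify(MSG_B, ref_sha256, "sha256"),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```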

Update: Oct 22, 2009
Just wanted to put in an update. Almost every standard now requires that MD5 not be used for hashing except when it is used within TLS (more widely known as SSL). MD5 can still be used for trivial things or anything that is not sensitive.