MD5, PCI-DSS and Security

Update: There is a more recent post on using MD5 and its impact on PCI DSS.

PCI-DSS 1.2 discourages the use of MD5 in favor of the newer and better SHA1 algorithm. But I keep getting questions about whether the use of MD5 is a security threat or whether it will impact PCI compliance.

MD5 is an older algorithm in which weaknesses have been identified over the years. Two different input values have been demonstrated to produce the same hash value. This is called a collision.

For instance, the value “5f4dcc3b5aa765d61d8327deb882cf99” is the MD5 hash of the word “password”. Let’s say that this hash is stored in the database instead of the word itself in clear text. If another phrase also results in the same hash, that is a problem, since a user who does not actually know the original password may be able to log in to an application.

Another scenario is when an SSL/TLS certificate is signed with an MD5 hash. An attacker could create a certificate that results in the same hash value. This would mean that a visitor to the attacker’s site could think that they were visiting a legitimate site. The web browser would not complain, since the hash that it computes from the contents of the certificate would match the hash in the signature attached to the certificate.

OWASP has come out with a recommendation that MD5 should not be used for critical functions such as hashing passwords. However, it can be used within the TLS process. This is because the TLS tunnel itself protects the generated hashes from exposure. It can also be used for trivial functions that do not impact security.

So, as long as it is used within TLS (by the TLS implementation, not by developers) and it is not used for any critical functions, use of MD5 should not impact PCI compliance or security.
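The password-storage scenario and the recommendation against MD5 for password hashing, as an added Python example (not from the original post): it contrasts the unsalted MD5 record with a salted PBKDF2-HMAC-SHA256 record, lists accounts still stored as bare MD5, and produces an upgraded record on a successful login. PBKDF2, the record format, the `ITERATIONS` value, the function names and the sample accounts are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # bare hex MD5 digest: no salt, no scheme tag


def legacy_md5(password: str) -> str:
    """Storage format described in the post: unsalted MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, upgraded_record); the record is set only on a correct legacy login."""
    if LEGACY_MD5.match(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else None)  # caller re-stores this
    scheme, iters, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False, None
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex), None


def audit(records: dict) -> list:
    """List accounts whose stored credential is still a bare MD5 digest."""
    return sorted(user for user, stored in records.items() if LEGACY_MD5.match(stored))


# Constructed sample table: alice and bob share a password under the legacy scheme.
SAMPLE = {
    "alice": legacy_md5("password"),
    "bob": legacy_md5("password"),
    "carol": hash_password("password"),
}

if __name__ == "__main__":
    print("bare MD5:", audit(SAMPLE), "| same value:", SAMPLE["alice"] == SAMPLE["bob"])
    print("login + upgrade:", verify("password", SAMPLE["alice"]))
```

Because the legacy records carry no salt, identical passwords produce identical stored values, which the salted record avoids.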