The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4, and was specified in 1992 as RFC 1321.
One basic requirement of any cryptographic hash function is that it should be computationally infeasible to find two distinct messages that hash to the same value. MD5 fails this requirement catastrophically; such collisions can be found in seconds on an ordinary home computer.
The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
As of 2019, MD5 continues to be widely used, in spite of its well-documented weaknesses and deprecation by security experts.
The MD5 message-digest algorithm is a widely used hash function that produces a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace MD4, and in 1992 it was published as RFC 1321. Although MD5 was originally intended for cryptographic hashing, it has been found to be flawed: two different messages can produce the same hash value (a hash collision), and such a collision can be found within seconds on an ordinary home computer, which is fatal for a cryptographic hash function. The notorious Flame malware of 2012 exploited exactly this weakness of MD5.
MD5 can serve as a checksum to verify data integrity, but only against accidental corruption of the data (in other words, it cannot effectively detect deliberate tampering). MD5 is also used in some non-cryptographic settings, for example to determine which partition a particular key belongs to when partitioning a database.
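As an added illustration of the two points above (MD5 as a checksum only against accidental corruption, and MD5 for partition selection), the following Python example is not part of the original page. It contrasts an unkeyed MD5 checksum with a keyed HMAC-SHA256 tag: the checksum catches a flipped bit, but anyone who rewrites the record can rewrite the checksum beside it, whereas a keyed tag cannot be regenerated without the key. The record bytes, the per-run key and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets


def md5_checksum(data: bytes) -> str:
    """Unkeyed MD5 checksum: the 'detect accidental corruption' use case."""
    return hashlib.md5(data).hexdigest()


def verify_checksum(data: bytes, stored_hex: str) -> bool:
    """True when MD5(data) equals the stored checksum (constant-time compare)."""
    return hmac.compare_digest(md5_checksum(data), stored_hex)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate unintentional corruption (a bad sector, a line error) by flipping one bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over the data; producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    """True when the tag was produced over exactly this data with this key."""
    return hmac.compare_digest(keyed_tag(key, data), tag_hex)


def partition_for_key(record_key: str, partitions: int) -> int:
    """Non-cryptographic use: map a record key to a partition number.

    Collision weakness is irrelevant here; only a stable, evenly spread
    mapping is needed, and MD5 provides that.
    """
    digest = hashlib.md5(record_key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % partitions


# Constructed sample record, not taken from the page.
RECORD = b"account=alice;balance=100;currency=USD"


def integrity_demo() -> dict:
    """Run three scenarios and report whether each change was detected."""
    stored_md5 = md5_checksum(RECORD)

    # 1. Accidental corruption: one flipped bit changes the digest, so the
    #    stored MD5 catches it.
    corrupted = flip_bit(RECORD, 37)
    accidental_detected = not verify_checksum(corrupted, stored_md5)

    # 2. Deliberate modification: whoever rewrites the record can also rewrite
    #    the unkeyed checksum stored beside it, so verification still passes.
    #    A bare hash therefore proves nothing about tampering.
    modified = RECORD.replace(b"balance=100", b"balance=900")
    tampering_detected_by_md5 = not verify_checksum(modified, md5_checksum(modified))

    # 3. Keyed tag: the verifier's key is not available to whoever changed the
    #    data, so the original tag no longer matches the modified record.
    key = secrets.token_bytes(32)  # constructed per run for the example
    tag = keyed_tag(key, RECORD)
    tampering_detected_by_hmac = not verify_keyed_tag(key, modified, tag)

    return {
        "accidental_corruption_detected": accidental_detected,
        "tampering_detected_by_md5": tampering_detected_by_md5,
        "tampering_detected_by_hmac": tampering_detected_by_hmac,
    }


if __name__ == "__main__":
    print(integrity_demo())
    print("partition for 'alice':", partition_for_key("alice", 8))
```

The practical rule this encodes: an unkeyed digest stored next to the data it covers only detects changes the data's author did not intend; integrity against an adversary needs a secret (a MAC) or a signature, and for either of those MD5 should not be the underlying hash.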