12 Aug, 2018 · 3 minutes read
MD5is a popular hash function used in computing for two primary reasons:-
One of the fundamental rules of security is not to store passwords in plaintext. The question one might ask then, is how to verify that the user has entered the correct password. Well, you can either encrypt or hash the password before storing it in the database. The difference between encryption and hashing is that the former is reversible while the latter is a one way operation. Unless you need to store password for an external application such as database, you should always choose hashing over encryption.
The password that the user provides at the time of login should be hashed on the server side and then compared against the previously stored hash in the database. One of the key properties of any hash function is that everytime a value is hashed it will always yield the same result. So, you can rest assured that even though you are comparing hashes, the user will only be able to login by providing the correct password. Actually, that is not 100% correct. There is an extremely small chance that two different values might generate the same hash. This means a user might be able to login with a wrong password. But, the chance of this happening is so low that you can totally forget about it. This is another property of a good hash function – collisions should be rare.
As computer processors become faster, MD5 becomes weaker and weaker. Designed in 1991, MD5 hash is no longer fit to be used as a hashing mechanism for passwords. These days, bcrypt is recommended as a password hash function as it is much slower than MD5, SHA-1 and even SHA-2. So, brute forcing bcrypt is extremely difficult.
Because of the fact that MD5 is a hash function and a fast one, it is extremely suited for verification of integrity of data or files. Say you have downloaded a file from the internet. How do you know that it did not get corrupted while downloading? Perhaps the file got corrupted while residing on your disk. MD5 hashes really come handy here. You can run your file through an MD5 Calculator which reads the entire file and generates the MD5 hash. The hash itself is of a fixed size, 128-bit. So, no matter how big your file is, the MD5 hash is always of the same length. It looks something like this
61634d80b55156c331d70ce370f1d028
in it’s human readable hex form. Once you get the MD5 hash of your file, you can compare it against the MD5 listed for your file on the source website. Most websites list the MD5 checksum of binary files that they allow to be downloaded. If the two hashes match you know that your file is intact.
On that note, you can try my online MD5 Hash Calculator. Despite being a web based tool, it calculates MD5 locally on your browser using JavaScript. So, there’s no uploading, your file remains safe with you and it can even work on large files as the I/O and computation happens locally on your machine. You can also paste the MD5 you obtained from the website in the calculator and it will do the comparison between it and the computed MD5 value. Isn’t that a sight for sore eyes!