What is the clash rate for md5?

security hash cryptography md5 hash-collision
Adam Lee picture Adam Lee · Jan 13, 2012 · Viewed 21.2k times · Source

What's the probability for the clash for the md5 algorithm? I believe it is extremely low.

Answer

CodesInChaos picture CodesInChaos · Jan 13, 2012

You need to hash about 2^64 values to get a single collision among them, on average, if you don't try to deliberately create collisions. Hash collisions are very similar to the Birthday problem.

If you look at two arbitrary values, the collision probability is only 2-128.

The problem with md5 is that it's relatively easy to craft two different texts that hash to the same value. But this requires a deliberate attack, and doesn't happen accidentally. And even with a deliberate attack it's currently not feasible to get a plain text matching a given hash.

In short md5 is safe for non security purposes, but broken in many security applications.

Related questions

Fundamental difference between Hashing and Encryption algorithms

I see a lot of confusion between hashes and encryption algorithms and I would like to hear some more expert advice about: When to use hashes vs encryptions What makes a hash or encryption algorithm different (from a theoretical/mathematical …

Read More
How can I hash passwords in postgresql?

I need to hash some passwords with salt on postgresql, and I haven't been able to find any relevant documentation on how to get that done. So how can I hash passwords (with some salts) in postgresql?

Read More
Where do you store your salt strings?

I've always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some people recommend that the salt be …

Read More