The MD5 encryption algorithm has been compromised through a real-world, practical, low-cost attack. Using consumer-grade hardware, MD5 hashes can be generated at over 258.7 million hashes per second, allowing an attacker to reasonably exhaust password keyspace in a trivial amount of time. Using pre-computed hash tables, the disclosure of a MD5 password hash typically means that the password has been cracked.

Due to the encryption algorithm being compromised through cryptanalysis, it is generally accepted that it should no longer be used. It is recommended that an alternate, stronger algorithm be used to ensure data is properly protected.

• CVE ID: 2011-0009 (see also: NVD)
• Related OSVDB ID: 45127 70661
• Generic Informational URL: http://en.wikipedia.org/wiki/MD5
• Other Advisory URL: http://eprint.iacr.org/2010/643
  http://tools.ietf.org/html/rfc6151
  http://www.cs.colorado.edu/~jrblack/papers/md5e-full.pdf
  http://www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html
  http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
• News Article: http://www.dailytech.com/MD5+Is+Officially+Insecure+Hackers+Break+SSL+Certificates+Impersonate+CA/article13842.htm

• Xiaoyun Wang - Shandong University
• Hongbo Yu - Shandong University