The MD5 is a common hash algorithm that works as a one-way cryptographic function that accepts a string of any length and returns a fixed length digest value (128-bit hash function). This hash function was first used to authenticate digital signatures. Although it was used in many situations, it is now considered unsafe to use MD5 for encryption. There are many malicious ways to generate MD5 collisions in a web application. There are many servers that use an MD5 algorithm for session hash function. As this algorithm is vulnerable, the attacker can easily crack these hash value using a brute-force attack. An attacker can perform a collision attack on applications using MD5 using a weak computer. MD5 is also vulnerable to attacks chosen-prefix collision attack. Chosen-prefix collision attack is a collision attack by which an attacker can manually select two documents and encrypt them to produce same hash value.
Example
The following code is used to declare md5
string md5 ( string $str [, bool $raw_output = FALSE ] )
Impact
The impact include:-
- Brute-force attack
- Collision attack
Mitigation / Precaution
Beagle recommends the following fixes:-
- Use Slow Password Hash such as BCrypt, PBKDF2, SCrypt and many more similarly working hash functions.
