MD5 (Message-Digest algorithm 5) is a unidirectional 128-bit “hash” algorithm. MD5 is a method by which it is possible to transform a word into an MD5 hash, but with an MD5 hash it is never possible to find the word that originated it.
What does this mean?
MD5 is very useful when you want to store passwords. Because a password like "12345678" for example generates the MD5 hash "25d55ad283aa400af464c76d713c07ad" (always without quotes), but if someone discovers the MD5 hash, they will be unable (theoretically) to find the password that generated it.
Practical Use
A website administrator who values the authenticity of operations asks their user to create a password. They type it in, and when saving, the script will generate the MD5 hash, and only this will be stored. Thus, even if the administrator accesses their database and views the password, what they will see is only the MD5 hash. Then, when the user returns to the site and enters the password, the script will generate the MD5 hash as it did the first time, and compare it with what is stored. If the generated MD5 Hash is equal to the stored one, access will be granted; if it's different, it will be denied.
Examples
Below are some characters "words", or passwords, and their MD5 hash
|
Text Character |
MD5 hash |
|
12345678 |
25d55ad283aa400af464c76d713c07ad |
|
silviolobo |
e8571a7f8d9d0e95b2448784e0b02396 |
|
Amor |
5da2297bad6924526e48e00dbfc3c27a |
|
Fé |
01e973a860fe82b0bae4c529c857348c |
|
a |
0cc175b9c0f1b6a831c399e269772661 |
MD5 with long characters, files, what changes?
MD5 can be used for signing programs or files. An example of a long MD5.
|
Our Father who art in Heaven, hallowed be Thy Name, Thy kingdom come, Thy will be done, on earth as it is in Heaven. Give us this day our daily bread; and forgive us our trespasses, as we forgive those who trespass against us, and lead us not into temptation, but deliver us from evil. Amen. |
|
MD5 hash: 99d155a830d49cab342b6e539156c6c1 |
I will remove the accent from "amém" and check how the MD5 hash looks
|
Our Father who art in Heaven, hallowed be Thy Name, Thy kingdom come, Thy will be done, on earth as it is in Heaven. Give us this day our daily bread; and forgive us our trespasses, as we forgive those who trespass against us, and lead us not into temptation, but deliver us from evil. Amem. |
|
MD5 hash: a0d86fea9f6c226fb357863616e82751 |
I kept the text identical, but in the first one where the word "amém" was accented, the MD5 hash was "99d155a830d49cab342b6e539156c6c1". In the second case, where "Amem" was used, the MD5 hash was "a0d86fea9f6c226fb357863616e82751".
A single accent modifies the MD5 hash, so it is ideal for verifying the integrity of files and documents. And you will find various files on the internet, with disk images (Linux, programs) that, along with the file, you will find the MD5, which will be used to compare that your "downloaded" file is intact.
Security! Is it possible to recover the "original" that generated the MD5?
Theoretically, no! But there are tools on the internet that serve as Dictionaries. Thus, each time a person types a word, it generates the MD5 hash and stores it in a database. In the future, when someone types an MD5 hash, it searches the database and displays the word that was registered in the past.
An example is http://md5.networkcore.eti.br/
If you have monstrous luck, you might find a password. However, don't waste time trying to recover a file by correcting integrity errors.
Characteristics
The md5 hash is an alphanumeric string of 32 characters.
Easily used in PHP with the md5() function. Example: md5($string).
Crucial question: Is it possible for two MD5 hashes to be the same?
Yes, but it would be something extremely rare, very rare. Furthermore, this doesn't really pose a problem given its purpose.
Notes: MD5 was developed by RSA Data Security. It is, broadly speaking, a complex calculation performed with each of the presented characters, whether from a password or program code or file; MD5 hash is what we call the result of this calculation.
