Can two different strings generate the same MD5 hash code?

by

For a set of even billions of assets, the chances of random collisions are negligibly small — nothing that you should worry about. Considering the birthday paradox, given a set of 2^64 (or 18,446,744,073,709,551,616) assets, the probability of a single MD5 collision within this set is 50%. At this scale, you’d probably beat Google in terms of storage capacity.

However, because the MD5 hash function has been broken (it’s vulnerable to a collision attack), any determined attacker can produce 2 colliding assets in a matter of seconds worth of CPU power. So if you want to use MD5, make sure that such an attacker would not compromise the security of your application!

Also, consider the ramifications if an attacker could forge a collision to an existing asset in your database. While there are no such known attacks (preimage attacks) against MD5 (as of 2011), it could become possible by extending the current research on collision attacks.

If these turn out to be a problem, I suggest looking at the SHA-2 series of hash functions (SHA-256, SHA-384 and SHA-512). The downside is that it’s slightly slower and has longer hash output.

More Related Contents:

  1. Is it possible to decrypt MD5 hashes?
  2. How come MD5 hash values are not reversible?
  3. Is calculating an MD5 hash less CPU intensive than SHA family functions?
  4. Is it possible to decrypt MD5 hashes?
  5. What is the clash rate for md5? [closed]
  6. How does password salt help against a rainbow table attack?
  7. Salting Your Password: Best Practices? [closed]
  8. Is there an MD5 Fixed Point where md5(x) == x?
  9. How long to brute force a salted SHA-512 hash? (salt provided)
  10. How are hash functions like MD5 unique?
  11. Is MD5 still good enough to uniquely identify files?
  12. How can it be impossible to “decrypt” an MD5 hash? [duplicate]
  13. Best practice for hashing passwords – SHA256 or SHA512?
  14. How do I hash a string with Delphi?
  15. How can I generate an MD5 hash in Java?
  16. Is “double hashing” a password less secure than just hashing it once?
  17. What data type to use for hashed password field and what length?
  18. hash function in Python 3.3 returns different results between sessions
  19. How to decrypt a SHA-256 encrypted string?
  20. Is it safe to ignore the possibility of SHA collisions in practice?
  21. Is SHA-1 secure for password storage?
  22. Are there any SHA-256 javascript implementations that are generally considered trustworthy? [closed]
  23. How to hash a string in Android?
  24. Possible to calculate MD5 (or other) hash with buffered reads?
  25. When is CRC more appropriate to use than MD5/SHA1?
  26. Why is ‘397’ used for ReSharper GetHashCode override?
  27. Compute a hash from a stream of unknown length in C#
  28. Why are 5381 and 33 so important in the djb2 algorithm?
  29. node.js hash string?
  30. MD5 hash from file in C++

Leave a Comment