The main use of MD5 – at least if my computer is any guide – is to check that a file you have downloaded from the internet or elsewhere is what it says it is.
In fact, in this general use MD5 is not being used to encrypt anything – instead it produces a “message digest” – a 128-bit number that is a hash of the supplied file. The problem with collisions in this case is that two different files could give the same hashed value (i.e. the same MD5 digest), and you could be left thinking you had the genuine file when you did not.
But that 128-bit hashed value plainly is not going to give you back the file – unlike CSI: Miami and everywhere else you see a “let’s enhance that” computer graphics gimmick, in the real world you cannot get more information out than you put in: so a 128-bit number will not magically transform into a 5 MB file even if you can reverse the hashing.
But that was not the issue with The Sun – they appeared to be using MD5 to hash a short password, and in that case, at least in theory, being able to crack MD5 could give the original information back.
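The contrast above can be checked directly. The sketch below is an added example, not code from the original post: it counts how small the space of short passwords is next to the 2**128 possible digests, shows that a bare MD5 of a constructed three-letter password ("sun") is matched by simply hashing every candidate, and sets beside it a salted, slow alternative. The function names, the PBKDF2 choice and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import itertools
import os
import string

ITERATIONS = 200_000  # assumed work factor for this example


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def search_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidate strings of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def recover_short_input(digest_hex: str, alphabet: str, max_len: int):
    """Hash every candidate; feasible only because the input space is tiny."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = "".join(combo)
            if md5_hex(candidate.encode()) == digest_hex:
                return candidate
    return None


def store_password(password: str):
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    stored = md5_hex(b"sun")  # constructed sample: bare MD5 of a 3-letter password
    print(search_space(26, 3), "candidates, far fewer than 2**128 digests")
    print("recovered:", recover_short_input(stored, string.ascii_lowercase, 3))
    salt, key = store_password("sun")
    print("PBKDF2 verify:", verify_password("sun", salt, key))
```

A 5 MB file has 40,000,000 bits of possible content against 128 bits of digest, so no such enumeration can single out the original file; the short password is the opposite case.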