For those uninitiated into the arcana of digital security, MD5 is a cryptographic hash algorithm that has been widely used since 1991. The publication of source code that finds collisions makes attacks possible against data protected by MD5. The short story: MD5 is no longer secure.
If you or your organization protects data with cryptography, you should check whether the algorithm involved is MD5 (or worse, its predecessor MD4). If MD5 is still in use, your organization should actively work at moving away from it as quickly as possible.
UPDATE: Data encryption and message hashing are found in many applications used to transact business online, such as virtual private networks (VPNs), digital signatures, secure HTTP (HTTPS) and data-integrity assurance. For example, many companies that provide downloadable content also provide an MD5 hash of the file so that customers can be assured that they are downloading what they think they're downloading. With the release of the MD5 collision source code, such a hash could, with effort, be spoofed, so data integrity cannot be assured. That is, the file to be downloaded could be replaced by a "black hat" payload and a faked MD5 hash. This cuts to the heart of the trust fabric woven among online businesses, their suppliers, and their customers.
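One way to act on this when checking downloads, as an added example that is not part of the original post: a verifier that refuses MD5/MD4-sized digests outright and only accepts a match against a SHA-256 or SHA-512 digest. The function names, the choice of accepted algorithms and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import io

WEAK_HEX_LEN = 32                        # MD5 and MD4 digests are 128 bits
STRONG = {64: "sha256", 128: "sha512"}   # accepted replacements (assumption)

def classify_digest(published):
    """Return (algorithm_name, acceptable) for a published hex digest."""
    d = published.strip().lower()
    if not d or any(c not in "0123456789abcdef" for c in d):
        raise ValueError("not a hex digest")
    if len(d) == WEAK_HEX_LEN:
        return ("md5-or-md4", False)
    if len(d) in STRONG:
        return (STRONG[len(d)], True)
    raise ValueError("unsupported digest length: %d" % len(d))

def verify_download(stream, published, chunk_size=65536):
    """Hash a file-like object and compare it with the published digest."""
    algo, acceptable = classify_digest(published)
    if not acceptable:
        # A matching MD5 value proves nothing once collisions can be produced.
        return (False, "rejected: collision-prone " + algo)
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    # Constant-time comparison of the two hex strings.
    if hmac.compare_digest(h.hexdigest(), published.strip().lower()):
        return (True, algo)
    return (False, "digest mismatch")

# Constructed sample data, not taken from any real release.
SAMPLE = b"constructed sample release archive\n"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
MD5_SIZED = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of empty input, a 32-hex sample

if __name__ == "__main__":
    print(verify_download(io.BytesIO(SAMPLE), SAMPLE_SHA256))
    print(verify_download(io.BytesIO(SAMPLE + b"x"), SAMPLE_SHA256))
    print(verify_download(io.BytesIO(SAMPLE), MD5_SIZED))
```

A digest published on the same server as the file only detects accidental corruption; the published value has to reach the customer over a channel the attacker cannot also modify.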
