The times they are a-changin’.

This post seems to be older than 17 years—a long time on the internet. It might be outdated.

There’s been a hilarious argument on the WP-Hackers mailing list over what MD5 is:

Its a one-way hash, and thinking it can’t be looked up in a rainbow
table or brute forced fairly easily is more often than not wrong
(because more often than not people are using things like md5() once
without any sort of salt to hash the password).

But please, do not call it encryption. It is not, and it will never
be. Encrypting passwords in a database is just silly.


MD5 *is* technically an encryption scheme. And yes, with the help of rainbow tables, it can be decrypted – but it is never stored in plain text anywhere in a vanilla copy.

Instead, the user password when logging in is encrypted and the two MD5 hashes are compared.


No it is not. MD5 is technically a compression scheme. It is a one way
hash i.e. you cannot reverse the conversion function f(password) = hash.

For it to be an encryption scheme there must be an equivalent function
g(hash) = password.

Rainbow tables do not allow you to decrypt the MD5 hash as it has not
been encrypted all they allow you to do is identify one of the set of
plaintexts which compress to the hash string.


No, its not an encryption scheme. Its a digest algorithm. A one way
hash. And no, it can’t be decrypted, ever. You can do a reverse lookup
(rainbow tables) or generate a collision.

Encryption by definition allows one to reverse the process knowing a
certain secret (the function to reverse the process). MD5 has no such
capability. In fact, run MD5 over a terabyte of data and it’ll end up
with the same length checksum as if you checksum the letter “a”.

MD5 is a cryptographic hash function. It takes an input, performs a reducing function on it, and spits out a 32 character “fingerprint.” There is no way to mathematically take a output of a MD5 function and get the original input back. I’ve have a MD5 utility up that you play around with: