MD5 is a cryptographic hash function designed by Ronald L. Rivest and published as RFC 1321, “The MD5 Message-Digest Algorithm,” in April 1992. The algorithm takes a message of arbitrary length and produces a 128-bit fingerprint, or message digest, of the input. The RFC describes it as intended for digital signature applications, where a large file is compressed in a secure manner before being encrypted under a public-key cryptosystem such as RSA.
For much of the 1990s and 2000s MD5 was one of the most widely deployed hash functions, used for verifying downloads, fingerprinting files, and storing passwords. Its compact output and speed made it convenient across many systems.
MD5 is now cryptographically broken. Researchers found practical methods to generate collisions, distinct inputs that produce the same digest, which destroys the collision resistance a secure hash requires. As a result MD5 must not be used for digital signatures, certificates, or any purpose where an attacker could exploit a forged match.
Despite this, MD5 still appears, often unwisely, as a fast checksum for detecting accidental (non-malicious) data corruption, where collision attacks are not a concern. For security-sensitive uses it has been superseded by the SHA-2 and SHA-3 families.
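The distinction drawn above, between MD5 as a checksum against accidental corruption and a SHA-2 or SHA-3 digest as evidence against tampering, can be enforced when a checksum manifest is verified. The following is an added example, not code from RFC 1321 or any project; the `ALG (name) = hex` manifest layout, the function names, the verdict strings and the `untrusted_source` parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Tag -> (hashlib name, collision-resistant?). MD5 is accepted only as a
# checksum against accidental corruption, never as proof of authenticity.
POLICY = {
    "MD5": ("md5", False),
    "SHA256": ("sha256", True),
    "SHA3-256": ("sha3_256", True),
}
LINE = re.compile(r"^([A-Z0-9-]+) \((.+)\) = ([0-9a-fA-F]+)$")

def digest(tag: str, data: bytes) -> str:
    name, strong = POLICY[tag]
    # usedforsecurity=False lets MD5 run on FIPS-restricted builds and
    # records that its result is not a security decision (Python 3.9+).
    return hashlib.new(name, data, usedforsecurity=strong).hexdigest()

def audit(manifest: str, blobs: dict, untrusted_source: bool = True) -> dict:
    """Map each manifest entry to a verdict string (hypothetical labels)."""
    verdicts = {}
    for line in filter(None, map(str.strip, manifest.splitlines())):
        m = LINE.match(line)
        if not m or m.group(1) not in POLICY:
            verdicts[line] = "unparsed-or-unknown-algorithm"
            continue
        tag, name, expected = m.groups()
        if name not in blobs:
            verdicts[name] = "missing"
        elif not hmac.compare_digest(digest(tag, blobs[name]), expected.lower()):
            verdicts[name] = "mismatch"
        elif POLICY[tag][1] or not untrusted_source:
            verdicts[name] = "ok"
        else:
            # Digest matches, but an MD5 match cannot rule out a forged file.
            verdicts[name] = "md5-match-not-authenticated"
    return verdicts

def sample():
    """Constructed sample: one MD5 entry, one SHA-256 entry, one altered file."""
    blobs = {"a.tar": b"archive a", "b.tar": b"archive b", "c.tar": b"tampered"}
    lines = [f"MD5 (a.tar) = {digest('MD5', blobs['a.tar'])}",
             f"SHA256 (b.tar) = {digest('SHA256', blobs['b.tar'])}",
             f"SHA256 (c.tar) = {digest('SHA256', b'archive c')}"]
    return "\n".join(lines), blobs

if __name__ == "__main__":
    print(audit(*sample()))
```

With `untrusted_source=False` the MD5 entry is reported as `ok`, which corresponds to the corruption-only use case where no attacker can influence the data.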