Is MD5 really that bad?

Question

Hello friends,

                 I've heard that MD5 is "broken" (in the context of password encryption). But I don't understand why! I've read the theory, but can't see it happening in practice...

I have an MD5 hash c1e877411f5cb44d10ece283a37e1668
And a simple bit of code to produce it

$salt="#bh35^&Res%";
$pass="***";
echo $hash=md5($salt.$pass);

So, my question is:

Is MD5 really that bad? And if so, what's the password behind the asterisks? (or another word which will produce the same hash)

I'm looking to get past theoretical reasoning, and come up with a simple example that we can use to demonstrate the problem(s) with MD5.

Answer 1

md5() is broken due to possibility of a malicious person to intentionally generate a collision. This is more of a problem for Certificate Authorities and the Public Key Infrastructure (PKI) than passwords. By generating a hash collision its possible to forge a SSL certificate.

Further more a collision against md5() is generated by using a specially crafted prefix, if you append a salt to the beginning of the message then an attacker cannot control the prefix and a collision cannot be generated.

However my biggest argument is that it is trivial to use a secure message digest function. You can install mhash or use one of the many sha2 php implementations.