MD5 has been broken. It is safer not to use it.
The MD5 flaw found in the possibility of finding MD5 collisions (ie blocks of different data with the same MD5), which had never been done before.
- Under fixed terms, to find such collisions required computing time beyond our reach.
- Researchers have managed to find MD5 collisions, being a breakthrough in cryptanalysis.
- However, it is impossible to create data with a specific MD5.
- It is impossible for an "enemy" to create a file with the same MD5 as an existing file.
- In this case you can't say that MD5 is broken.
- We can only create files with the same MD5, but this needs to include a block of data padding (called invariant MD5), and you can't select the contents of this block.
- It will therefore be necessary - long term - go to other algorithms (like SHA-256, SHA-512), but right now, MD5 is not a security issue (except special cases).
Collisions have also been found for SHA-1. The same comments apply.
It also means that there is no need for using MD5 as rainbow-tables.
In practice, this is however not a problem.
To counter the risk of presence of invariants MD5, this can be done by using MD5 to SHA-1. Invariants are different, impossible to falsify both. You can also use SHA-256 or SHA-512 in place of (or with) MD5.
To counter the rainbow-tables, just add salt before: Instead of calculating MD5 (password), we calculate MD5 ( "foo" + password). This makes the rainbow-tables completely unusable for an attack.
However, for existing systems using MD5, it can be inconvenient, both for invariants and rainbow-tables which require systems update.
Thanks to sebsauvage for this tip.