
The MD5 Message-Digest Algorithm (RFC1321)

IP.com Disclosure Number: IPCOM000002143D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 18 page(s) / 32K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Rivest: AUTHOR


Status of this Memo

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group

Request for Comments: 1321

R. Rivest, MIT Laboratory for Computer Science and RSA Data Security, Inc.

April 1992

The MD5 Message-Digest Algorithm

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is



We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle, David Chaum, and Noam Nisan for numerous helpful comments and


Table of Contents

1. Executive Summary
2. Terminology and Notation
3. MD5 Algorithm Description
4. Summary
5. Differences Between MD4 and MD5
References
APPENDIX A - Reference Implementation
Security Considerations
Author's Address

1. Executive Summary

This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

The MD5 algorithm is designed to be quite fast on 32-bit machines. In addition, the MD5 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly.

The MD5 algorithm is an extension of the MD4 message-digest algorithm [1,2]. MD5 is slightly slower than MD4, but is more "conservative" in design. MD5 was designed because it was felt that MD4 was perhaps being adopted for use more quickly than justified by the existing critical review; because MD4 was designed to be exceptionally fast, it is "at the edge" in terms of risking successful cryptanalytic attack. MD5 backs off a bit, giving up a little in speed f...