Problem solve Get help with specific problems with your technologies, process and projects.

MD5 versus RC4 with 128-bit encryption

I have to choose between two applications that use different encryption algorithms. Both use 128-bit encryption. The first application uses the MD5 algorithm and second one uses the RC4 algorithm. Which is more secure?

MD5 is a hash (or message digest) algorithm, not an encryption algorithm. So it would be less secure than any cipher you could pick.

RC4 is a stream cipher and is used commonly in SSL and other systems. However, you must be careful when using stream ciphers, because you must *never* encrypt two pieces of data with the same key. If you do, someone can pry the data out of the system without breaking the key. Many of the wireless ethernet security breaks are these sorts of flaws. Generating a key each time is good enough, as the odds of replicating are not worth worrying about. (Assuming you have a good random number generator, etc.)

If you are storing data in a data base, encrypting files or other things, you should use a block cipher, like AES, Twofish, CAST-128 or Triple-DES.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Encryption above 3-DES
Ask the Expert: What is RC4?
Best Web Links: Encryption

This was last published in September 2002

Dig Deeper on Disk and file encryption tools