Manage

MD5 vs. RC4

In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.

Michael Cobb

I have to choose between two applications that use different encryption algorithms. Both use 128-bit encryption, but the one uses the MD5 algorithm and the other uses the RC4 algorithm. Which is more secure?

These two algorithms serve different purposes. MD5 (Message Digest 5) is a cryptographic one-way hash function, which produces a hash of a message. RC4 is a symmetric key stream cipher, which uses the same key for encryption and decryption. Confidence in the security of MD5 is on the wane and Microsoft banned its use in new products this year due to the increasing sophistication of cryptanalysis attacks. MD5 was developed at MIT in the early 1990s and is used to create digital signatures and verify the integrity of information to ensure that it hasn't been tampered with. However, it has been shown that collisions can be found in the MD5 function and with the resources available to a large botnet, a realistic attack could be launched in the near future.

The RC4 algorithm was designed by Ron Rivest of RSA Security in 1987 and is most commonly used to protect Internet...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

traffic using the SSL (Secure Sockets Layer) protocol. Stream ciphers can be thought of as seeded random number generators -- the seed being the key -- with the random numbers being combined with the plain text to generate ciphertext. With RSA keys, it is important to use the 128-bit version, because the 40-bit version can be exploited. Also, ensure that the application follows the recommended practice for key generation. With stream ciphers, it's important to generate a new key for each piece of encrypted data, otherwise an attacker can mount a successful attack by analyzing a large number of messages encrypted with the same key. Poor implementation of key generation has resulted in successful attacks against WEP (Wired Equivalent Privacy) systems. The recommended solution to the flaws in WEP is to switch to Wi-Fi Protected Access (WPA or WPA2). WPA uses the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

This was last published in November 2005

Symmetric vs. asymmetric encryption: Decipher the differences

Transport Layer Security (TLS)

MD5

Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak

Dig Deeper on Email and Messaging Threats-Information Security Threats

Symmetric vs. asymmetric encryption: Decipher the differences

Transport Layer Security (TLS)

MD5

Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol

Related Q&A from Michael Cobb