Jump to content

Talk:MD5

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Need to more prominently address vulnerabilities

[edit]

I strongly feel that the first sentence of this article needs to call attention to the fundamental insecurity of MD5 as a cryptographic hash function. It's literally the first thing that anyone needs to know about it. Some people are not aware of this and continue, even to this day, to use MD5 as a cryptographic hash function despite its unsuitability for this purpose.

I made such an edit on 26 Aug 2023 but it was reverted, the editor making the reversion said simply "Npov". Is there anything non neutral about the edit I made? Everything I said is absolutely accurate according to verifiable sources already cited in the article. Indeed everything I said in my edit the article already said; all I did was move that accurate and verifiable information into the lead sentence.

Another user again added mention of the algorithm's insecurity on 16 Mar 2024, but it was again reverted. This time the reverting editor stated "There's nothing insecure about a hash function, it does what's it supposed to do; the way we used it". This is a bizarre statement, "There's nothing insecure about a hash function"; there certainly is something (very) insecure about this hash function, and it absolutely does not do what it was supposed to do, and presumed to do, when it was designed and first widely implemented. Again, as all already discussed in detail in the article: "Historically it was widely used as a cryptographic hash function; however it has been found to suffer from extensive vulnerabilities. It remains suitable for other non-cryptographic purposes". Uh... right. So is there something wrong with saying it in the lead sentence? "The way we used it" is also a bizarre phrase: the way who used it?

What I, and the other editor, were trying to do, was merely give more prominence to information already discussed. I don't want to start an edit war, so I'm writing here.

Can anyone provide a justification for not stating the single most important fact about the topic of the article in the first sentence of the article?

If no one provides a real objection based in Wikipedia's policies and the facts about the article's topic as confirmed by verifiable sources, I'm going to again edit the first sentence to make clear what the article already accurately states lower down, that MD5 suffers from extensive vulnerabilities and is not suitable for cryptographic purposes.

75.166.157.156 (talk) 01:29, 31 May 2024 (UTC)[reply]

The second sentence already addresses the security issue with: " Historically it was widely used as a cryptographic hash function; however it has been found to suffer from extensive vulnerabilities.". Maria Gemmi (talk) 15:02, 2 June 2024 (UTC)[reply]