MD5 Vulnerability

The Message Digest 5 (MD5) algorithm is a cryptographic hash function that produces a
128-bit (16-byte) hash value that is typically represented in text (hexadecimal) notation.
Traditionally, MD5 was used to verify the integrity of transmitted data and sign digital (SSL)
certificates but has since been discovered to have flaws that make it unsuitable for use. The
particular vulnerability in question was that MD5 was susceptible to collisions. The weaknesses
in the MD5 algorithm allow for two different initialization vectors to produce an identical digest.
As a result, an attacker can generate cryptographic tokens or other data that illegitimately appear
to be authentic. The implication is that an attacker can substitute a file to be downloaded with
another, and fake the hash for a file so that the intended recipient believes he or she got the right
file even when it is not so.
It is extremely easy to exploit the said vulnerability. When the exploit was discovered in
the mid 90’s as a theoretical possibility, it presented only mild concerns. Since then, a practical
implementation of the exploit has been found to be possible. Moreover, with improvements in
the algorithms meant to take advantage of the exploit, and increases in computing power
available since the discovery, a notebook computer can carry out the exploit within minutes.
Further, tools have been developed to take advantage of the vulnerability. Of note is the
Cryptosystem ME6 9.21 which can make use of the MD5 weakness to exploit systems that use
the encryption algorithm. Moreover, the Flame malware is also known to use the same

Surname 2
vulnerability to exploit systems that still use MD5. The possibility of such attacks being carried
out against the system raises serious concerns about how secure the system is. Consequently, the
possible exploits in the system should be addressed if the system is to inspire confidence in the
security it provides.
The vulnerability poses a very significant threat since the hashing algorithm is used to
secure sensitive information within the university’s information infrastructure. The system in
place is used in managing the integrity of the files made available for download by the
University. Chances of a falsified document being passed off as an official document are thus
present. The possibility of an attack opens up formal communication, academic records, and
even examinations and course materials to being accessed illegally as these could all be served as
downloads. Since the exploit is one that is relatively easy to take advantage of, it is extremely
likely for an attack to be carried out. As such, if an attack were to be carried out, the result would
be a breach that would compromise a lot of documents.
Since the university uses the CISCO ASA firewall, the attack could be easily mitigated
by changing the default hashing algorithm to a more secure hash function like the SHA family of
cryptographic functions. CISCO, through its website, provides a set of simple commands that
can be used to change the default hashing function to the more secure SHA1 function. In this
way, the chances of the exploit occurring can be eliminated. A technical audience could be
informed that due to the vulnerability of the MD5 algorithm to collisions, the MD5 algorithm has
to be phased out. Therefore, the algorithm will no longer be used in the securing of any systems
in the University. Further, MD5 should not be utilized in any capacity if the goal is to secure
systems. For a non-technical audience, the information that is shared with them should indicate

Surname 3

that to improve current and future security, an upgrade to the system would have to be
undertaken