Stop Using MD-5, Now!

TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function.

This post is dedicated to all malware researchers, still using MD-5 to identify malware samples.

Before deep-diving into the details, let me explain my view on this topic. Whenever you want to identify a malware, it is only OK to publish the MD-5 hash of the malware if you post at least the SHA-256 hash of the malware as well. Publishing only the MD-5 hash is unprofessional. If you want to understand why, please continue reading. If you know about the problem, but want to help me spread the word, please link to my site www.stopusingmd5now.com.

By writing articles/posts/etc. and publishing the MD-5 hash only, it is the lesser problem that you show people your incompetency about hash functions, but you also teach other people to use MD-5. And it spreads like a disease... Last but not least, if I find a sample on your blog post, and you use MD-5 only, I can't be sure we have the same sample.

Here is a list to name a few bad examples (order is in Google search rank order):

• Kaspersky
• Bromium
• Fireeye
• Webroot
• Mcafee
• Fox-IT
• Cisco
• SANS
• ESET
• Symantec
• Watchguard
• And unfortunately, even the best books on malware analysis promote the use of MD-5 - see "Practical malware analysis" Chapter 1 Page 10

Introduction to (cryptographic) hash functions

A long time ago (according to some sources since 1970) people started designing hash functions, for an awful lot of different reasons. It can be used for file integrity verification, password verification, pseudo-random generation, etc. But one of the most important properties of a cryptographic hash function is that it can "uniquely" identify a block of data with a small, fixed bit string. E.g., malware can be identified by using only the hash itself, so everybody who has the same malware sample will have the same hash; thus they can refer to the malware by the hash itself.

It is easy to conclude that there will always be collisions, where a different block of data has the same result hashes. The domain (block of data) is infinite, while the codomain (possible hash values) is finite. The question is how easy it is to find two different blocks of data, having the same hash. Mathematicians call this property "collision resistance." Proper cryptographic hash functions are collision-resistant, meaning it is impractical or impossible to find two different blocks of data, which have the same hash.

In 1989 Ronald Rivest (the first letter in the abbreviation of the RSA algorithm) designed the MD-2 hashing algorithm. Since 1997 there are publications about that this hashing algorithm is far from perfect.

In 1990 Ronald Rivest designed the MD-4 algorithm, which is considered as broken at least from 1991. But MD-4 is still in use from Windows XP until Windows 8 in the password protocol (NTLM). Unfortunately, there are more significant problems with NTLM besides using MD-4, but this can be the topic of a different blog post.

In 1991 (you might guess who) designed yet another hashing algorithm called MD-5, to replace MD-4  (because of the known weaknesses). But again, in from 1993 it has been shown many times that MD-5 is broken as well. According to Wikipedia, "On 18 March 2006, Klima published an algorithm [17] that can find a collision within one minute on a single notebook computer, using a method he calls tunneling". This means, that with the 8 years old computing power of a single notebook one can create two different files having the same MD-5 hash. But the algorithms to generate collisions have been improved since, and "a 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD-5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer." The key takeaway here is that it is pretty damn hard to design a secure cryptographic hash function, which is fast, but still safe. I bet that if I would develop a hash function, Ron would be able to hack it in minutes.

Now, dear malware researcher, consider the following scenario. You as, a malware analyst, find a new binary sample. You calculate the MD-5 hash of the malware, and Google for that hash. You see this hash value on other malware researchers or on a sandbox/vendor's site. This site concludes that this sample does this or that, and is either malicious or not. Either because the site is also relying solely on MD-5 or because you have only checked the MD-5 and the researcher or sandbox has a good reputation, you move on and forget this binary. But in reality, it is possible that your binary is totally different than the one analyzed by others. The results of this mistake can scale from nothing to catastrophic.

If you don't believe me, just check the hello.exe and erase.exe on this site from Peter Sellinger. Same MD-5, different binaries; a harmless and a (fake) malicious one... And you can do the same easily at home. No supercomputers,  no NSA magic needed.

On a side-note, it is important to mention that even today it can be hard to find a block of data (in generic), if only the MD-5 hash is known ("pre image resistance"). I have heard people arguing this when I told them using MD-5 as a password hash function is a bad idea. The main problem with MD-5 as a password hash is not the weaknesses in MD-5 itself, but the lack of salt, lack of iterations, and lack of memory hardness. But still, I don't see any reason why you should use MD-5 as a building block for anything, which has anything to do with security. Would you use a car to drive your children to the school, which car has not been maintained in the last 23 year? If your answer is yes, you should neither have children nor a job in IT SEC.

Conclusion

If you are a malware researcher, and used MD-5 only to identify malware samples in the past, I suggest to write it down 1000 times: "I promise I won't use MD-5 to identify malware in the future."

I even made a website dedicated to this problem, www.stopusingmd5now.com . The next time you see a post/article/whatever where malware is identified by the MD-5 hash only, please link to this blog post or website, and the world will be a better and more professional place.

PS: If you are a forensics investigator, or software developer developing software used in forensics, the same applies to you.
PS 2: If you find this post too provocative and harsh, there is a reason for this ...

Update: I have modified two malware (Citadel, Atrax) with the help of HashClash, and now those have the same MD-5. Many thanks for Marc Stevens for his research, publishing his code, and help given during the collision finding.

Related articles

1. Hack Tools Github
2. Pentest Tools Apk
3. Nsa Hack Tools Download
4. Wifi Hacker Tools For Windows
5. Hacker Tools For Ios
6. Beginner Hacker Tools
7. Tools 4 Hack
8. Hacking Tools Software
9. Pentest Tools Free
10. Nsa Hacker Tools
11. Hack Apps
12. Hacking Tools Kit
13. Hack Tools For Windows
14. Hacking Tools
15. Hacking Tools Software
16. Blackhat Hacker Tools
17. Blackhat Hacker Tools
18. Hack And Tools
19. Pentest Tools Nmap
20. Hacking Tools For Kali Linux
21. What Are Hacking Tools
22. Hacking Tools For Games
23. Hacker Tools Free
24. Hacking Tools Free Download
25. How To Install Pentest Tools In Ubuntu
26. How To Make Hacking Tools
27. Free Pentest Tools For Windows
28. Hacking Tools Software
29. Pentest Tools Website
30. Wifi Hacker Tools For Windows
31. Pentest Tools For Mac
32. Hacker Tools For Ios
33. Best Pentesting Tools 2018
34. Hacking Tools Download
35. Hacking Tools For Windows Free Download
36. Blackhat Hacker Tools
37. Hacking Tools Windows
38. Hacker Tools For Ios
39. Hack Tools For Games
40. New Hacker Tools
41. Hacker Tools Apk Download
42. Pentest Tools Linux
43. Hack And Tools
44. Tools 4 Hack
45. Hacking Tools Github
46. Pentest Box Tools Download
47. Hack App
48. Hacker Tools Hardware
49. Hacker Tools Github
50. Hack Tools 2019
51. Pentest Tools Url Fuzzer
52. Hacker Tools Free Download
53. Hacking Tools Name
54. Hacking Tools For Windows 7
55. Hack Rom Tools
56. Pentest Tools Website Vulnerability
57. Hacking App
58. Android Hack Tools Github
59. Pentest Tools Nmap
60. Hacker Tools List
61. Pentest Tools Alternative
62. Pentest Tools For Ubuntu
63. Tools Used For Hacking
64. Hacking Tools Usb
65. Install Pentest Tools Ubuntu
66. Hacker Tools 2019
67. Pentest Tools Windows
68. Hacking Tools For Mac
69. Pentest Tools Website
70. Hacking Tools And Software
71. Hack Tools
72. Best Hacking Tools 2020
73. How To Make Hacking Tools
74. Pentest Automation Tools
75. Hacker Tool Kit
76. Hack Rom Tools
77. Hacking Tools For Windows 7
78. Pentest Tools Linux
79. Hacker Tools Free
80. Pentest Tools Free
81. Blackhat Hacker Tools
82. Pentest Reporting Tools
83. Hacker Tools Software
84. Top Pentest Tools
85. What Is Hacking Tools
86. Hacking App
87. Pentest Tools Github
88. Pentest Box Tools Download
89. Hacking Tools For Windows 7
90. Hack Tools For Mac
91. Hack Tool Apk No Root
92. Pentest Tools Download
93. Underground Hacker Sites
94. Tools Used For Hacking
95. Game Hacking
96. World No 1 Hacker Software
97. Hack Tools For Ubuntu
98. Hacker Tools Github
99. Pentest Box Tools Download
100. Best Pentesting Tools 2018
101. Hacking Tools For Windows
102. Hack Tools Download
103. Nsa Hack Tools Download
104. Game Hacking
105. Hacker Hardware Tools
106. Hacker Tools 2019
107. Pentest Tools Open Source
108. Hacking Tools Mac
109. Hacker Tools Free
110. Pentest Reporting Tools
111. Hack Tools For Ubuntu
112. Hack Tools Online
113. Pentest Tools Website
114. Hacker Tools 2019
115. Hacking Tools For Kali Linux
116. Hacking Tools For Games
117. Pentest Tools Apk
118. Hacker Hardware Tools
119. Best Hacking Tools 2019
120. How To Install Pentest Tools In Ubuntu
121. Pentest Tools For Android
122. Hacking Tools Usb
123. Pentest Tools Port Scanner
124. Pentest Tools Open Source
125. Pentest Tools Find Subdomains
126. Hack Tools 2019
127. Hack Tools Mac
128. Hacking Tools And Software
129. Hacker Tools Github
130. Blackhat Hacker Tools
131. Best Pentesting Tools 2018
132. Hack Tools
133. Hacker Tools Hardware
134. Pentest Reporting Tools
135. Hacking Tools For Games
136. Hack Tools Online
137. Hacking App
138. Hacking Tools Windows
139. Pentest Tools Github
140. Pentest Tools List
141. Hacker Tools
142. Hacking Tools For Mac
143. Hacker Tools
144. Hacking Tools 2020
145. Hacker Tools Software
146. Hacking Tools Software
147. Hacker Tools Mac
148. Pentest Tools For Mac
149. Easy Hack Tools
150. Pentest Tools Framework
151. Hacking Tools For Kali Linux
152. Hacking Tools Free Download
153. Tools Used For Hacking
154. Hacking Tools Online
155. Hacker Tools Mac
156. Nsa Hack Tools
157. Hacker Tools Github
158. Hacking Tools Github
159. Hacking Tools Windows
160. Usb Pentest Tools
161. Hacking Apps
162. Underground Hacker Sites
163. Hacker Tools Hardware
164. What Is Hacking Tools
165. Hacker Tools Linux
166. Hacking Tools And Software
167. Hack And Tools
168. Pentest Tools Open Source
169. Github Hacking Tools
170. Tools For Hacker