[TheDong]

That's not the case. They're saying you can find a collision easily (i.e. I can easily give you two files that have the same md5sum).

However, "crack an md5 hash" isn't what that means. First, you can't really "crack" a hash (there are infinitely many inputs that have the same hash), but even just going from a hash to any input with that hash is much harder.

That's a preimage attack, and a preimage attack for md5, according to wikipedia, remains theoretical https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability.

I welcome anyone to give a counter example by giving me something that has an md5 hash of 08fc873f2aac5acce46ed751613472fe

[greggsy]

Odds are that it’s a hash of the Rick Roll url, so challenge accepted.

[TillE]

Yeah, this is an important point. The known published attacks on MD5 are pretty narrow, so there are many circumstances where you can rely on MD5 hashes if you have to.

[quickthrower2]

Careful, you are open to a $5 wrench attack

[maccard]

That's also true if you use a more secure hash.

[quickthrower2]

Was said a bit in jest, but in seriousness - only if you publish the hash and dox yourself, or the attacker gets your hash from a DB, some identifier, and finds you. That was the joke - in this case the comment does this. (I have no idea if or how much doxxed I didn't check)

[TheDong]

Given I generated the hash with something like "head -c 1000 /dev/urandom | md5sum", I also don't really think a wrench attack would work here, even if you could find me. I don't know any input that produces that md5sum, no matter how many times you hit me with a wrench.