Maximum length for MD5 input/output

Question

What is the maximum length of the string that can have md5 hashed? Or: If it has no limit, and if so what will be the max length of the md5 output value?

Follow the wiki: http://en.wikipedia.org/wiki/MD5 – Frank Oct 23 '13 at 12:24 — Frank, Oct 23 '13 at 12:24

score 275 · Accepted Answer · answered Aug 03 '10 at 07:46

275

MD5 processes an arbitrary-length message into a fixed-length output of 128 bits, typically represented as a sequence of 32 hexadecimal digits.

answered Aug 03 '10 at 07:46

Daniel Vassallo

337,827
72
505
443

128

Note to self: MD5 hash length = `128 bits` = `16 bytes` = `32 hex digits` – checksum Dec 30 '13 at 08:21
2

[A normal Edit] 32 hex digits and the string contains only words from 'a-z' and digits from '0-9' – node_analyser Nov 06 '14 at 10:36
1

I noticed a little mistake in previous comments. Text should be as quoted :) "32 hex digits and the string contains only **letters** from 'a-z' and digits from '0-9'" – Remis B Apr 09 '15 at 14:36
or: `128 bits = 32 hex digits * 4bit` – Aydin K. Apr 13 '16 at 14:08
May you please tell me how many characters exactly can be as MD5's input? `MD5("how many characters can be in here?");` – Shafizadeh Apr 25 '16 at 20:33
2

@Shafizadeh As the answer states, the input has an arbitrary length. This means the parameter can be any length you need. – kdojeteri Apr 27 '16 at 11:09
1

@Peping A small correction: The input can be as long as the used datatype in the programming language used can be. Example: Java's strings use an array internally, therefore, a string can only contain (2^31)-1 characters (or less, depending on the heap size).That would also be your maximum input for the MD5 function in Java. But pure theoretically, the MD5 function could process indeed an input of arbitrary length. ;) – RicoBrassers Feb 14 '17 at 10:55
FWIW - @RicoBrassers - I suppose you were making a tongue-in-cheek comment, because OP mentioned an input "string", but I'd like to point out that input could be as large as desired in practice, not just in theory. For example, a Java function could take as input the name of a file. That file could be as large as available storage; not limited by any datatype. It could even be from some streaming source, that far exceeds available local storage. Just saying. :P – ToolmakerSteve Jul 24 '17 at 10:15
@ToolmakerSteve Well, it depends on your implementation. If your hash function supports streaming data, then you're correct, obviously. While the hashing algorithm itself shouldn't have a limitation in theory, the practical implementation itself might have some form of limitation. Thank you for the heads up. ;) – RicoBrassers Jul 25 '17 at 08:35
In principle MD5 uses the input length as a variable in the final block, but it wraps around at 2^64 bits, i.e. 2^61 bytes or about 2.3 exabytes, at which point I would suggest some implementations might fail. Most strings however will stay slightly below 2.3 exabytes :P – Maarten Bodewes Oct 25 '22 at 11:25

score 46 · Answer 2 · edited Oct 07 '21 at 05:46

46

The length of the message is unlimited.

Append Length

A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. In the unlikely event that b is greater than 2^64, then only the low-order 64 bits of b are used.

The hash is always 128 bits. If you encode it as a hexdecimal string you can encode 4 bits per character, giving 32 characters.
MD5 is not encryption. You cannot in general "decrypt" an MD5 hash to get the original string.

See more here.

edited Oct 07 '21 at 05:46

Community

1
1

answered Aug 03 '10 at 07:48

Mark Byers

811,555
193
1,581
1,452

*The length of the message is unlimited*, What do you mean *message*? Is it input? My question is `MD5("how many characters exactly?");` – Shafizadeh Apr 25 '16 at 20:31
@Shafizadeh Your input can be as long as possible in your current programming language, in Java this would be (2^31)-1 characters in a string. And yes, the "message" is the input. – RicoBrassers Feb 14 '17 at 10:58
1

@Shafizadeh ... or from a file, the input could be as large as available storage. – ToolmakerSteve Jul 24 '17 at 10:30

score 15 · Answer 3 · answered Aug 03 '10 at 07:47

15

You can have any length, but of course, there can be a memory issue on the computer if the String input is too long. The output is always 32 characters.

answered Aug 03 '10 at 07:47

Vidar Vestnes

42,644
28
86
100

4

If the string input is too long it wouldn't exist in the system in the first place, unless it's in a file, in which case you can pass in blocks to the digest function as they are read, in other words, you only need to have `block` bytes of the input available at a time. – L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳ Aug 03 '10 at 08:02

score 7 · Answer 4 · edited Dec 01 '15 at 09:28

7

The algorithm has been designed to support arbitrary input length. I.e you can compute hashes of big files like ISO of a DVD...

If there is a limitation for the input it could come from the environment where the hash function is used. Let's say you want to compute a file and the environment has a MAX_FILE limit.

But the output string will be always the same: 32 hex chars (128 bits)!

edited Dec 01 '15 at 09:28

Paul B.

2,394
27
47

answered Aug 03 '10 at 07:45

Kami

5,959
8
38
51

score 4 · Answer 5 · answered Aug 03 '10 at 07:46

4

A 128-bit MD5 hash is represented as a sequence of 32 hexadecimal digits.

answered Aug 03 '10 at 07:46

Hamid Nazari

3,905
2
28
31

score 4 · Answer 6 · edited Aug 07 '10 at 16:46

4

You may want to use SHA-1 instead of MD5, as MD5 is considered broken.

You can read more about MD5 vulnerabilities in this Wikipedia article.

edited Aug 07 '10 at 16:46

Daniel Vassallo

337,827
72
505
443

answered Aug 03 '10 at 07:58

enam

1
1

14

Its creator, as well as Bruce Schneier and Homeland Security are in agreement that it's broken... How many more 'rumorspreading' do you need to convince you that it's actually been broken for some time? Fact is that it's arbitrarily easy to find an input that generates a specific hash. Of course you can mitigate this risk by salting your inputs, using sufficiently large salts. On a side-note: SHA-1 is considered to be just as broken. If you advise people to upgrade, advise them to upgrade to SHA-2, please. – kander Aug 03 '10 at 08:25
3

@kander oh I need a very little. An example. Given a hash, will you bring a source string? Not a link to some great article, not someone's opinion but just a source string? – Your Common Sense Aug 03 '10 at 08:35
@Col. Shrapnel: Producing a source string is good, but I'd say if he can produce an article showing how to crack it at a cost of $xxxxxxx that would also be enough. – Mark Byers Aug 03 '10 at 08:44
@Mark no problem, I haven't said "original source". You are free to provide any string that will produce the same hash. Money? Who said money? `Fact is that it's arbitrarily easy to find an input that generates a specific hash.`. He haven't said it will cost any money – Your Common Sense Aug 03 '10 at 08:50
I actually do see a problem in using unsalted md5 for saving passwords. Fact is (and everybody may verify this using a simple Google search) that there are many providers who allow you to "crack" some of the "easier" hashes (i.e. having a short alphanumeric source string for example - exactly what you have in passwords...) I actually tried that on some of the hashes in a database and found that I can at least find 1/4 using this. So even a hobby developer having not the smallest knowledge about cryptography *can* find the password behind the hash - if the password is bad - which it is! – NikiC Aug 03 '10 at 09:25
But I don't want to say that using md5(md5()) or sha1() instead will fix the problem. There are providers for those, too, though far less. – NikiC Aug 03 '10 at 09:26
@Col. Shrapnel: Are you a Mathematician or a Cryptographer? If not, why do you doubt the opinion of those scientists? In a mathematical sense, MD5 is definitely broken because there are methods which are faster than brute force. This might not have an impact on the daily use of MD5 yet (in a large scale). But a hash or encryption scheme has not only to be secure *now* but also *in the future*. And if there are already ways to break it, it will become even easier in the future. Of course it depends in which context you want to use MD5, but broken is broken. – Felix Kling Aug 03 '10 at 09:29
For SHA-1 were also found collisions(theoretical attack). See [Comparison of SHA functions](http://en.wikipedia.org/wiki/SHA-1#Comparison_of_SHA_functions) – alexbusu Feb 13 '13 at 14:47
2

Nobody really mentioned what they really mean under the term "broken". Although, @YourCommonSense makes sense. – JSmyth Jan 11 '14 at 22:27
2

Hashes aren't only used for security. – Salami Mar 20 '16 at 16:19
5

You are talking about security uses of MD5. But MD5 (or any other hashing technique) has a ton of other uses. I, for one, want to use it to rename a file by its hash. I'm surely not concerned about the collision resistance of MD5. Everything you posted is still true, just my 2 cents. – tfrascaroli Jan 09 '17 at 09:22
2

MD5 is considered broken/insecure and should not be used for critical stuff like passwords in databases anymore. It can still be used for file checksums, though. – RicoBrassers Feb 14 '17 at 11:03
2

That depends on the use. The question does not say what the use of the hash will be. MD5 is not considered broken. It is however completely unsuitable for passwords etc. as it is NOT used as a CRYPTOGRAPHIC hash function in any modern sense. It is however extremely faster than SHA1, and so is a very nice one to use if we just care about e.g. finding an insecure cache file name or creating a fast hash lookup for e.g counting, checksums etc. It does its job very well, however this job is not security related. – ntg 1 min ago edit – ntg Mar 18 '18 at 04:51
How does this answer the question? – jinawee Jul 10 '18 at 13:11

score 3 · Answer 7 · answered Aug 03 '10 at 07:48

There is no limit to the input of md5 that I know of. Some implementations require the entire input to be loaded into memory before passing it into the md5 function (i.e., the implementation acts on a block of memory, not on a stream), but this is not a limitation of the algorithm itself. The output is always 128 bits. Note that md5 is not an encryption algorithm, but a cryptographic hash. This means that you can use it to verify the integrity of a chunk of data, but you cannot reverse the hashing. Also note that md5 is considered broken, so you shouldn't use it for anything security-related (it's still fine to verify the integrity of downloaded files and such).

score 1 · Answer 8 · answered Jun 27 '21 at 15:38

1

md5 algorithm appends the message length to the last 64 bits of the last block, thus it would be fair to say that the message can be 2^64 bits long (18 e18 bits).

answered Jun 27 '21 at 15:38

MARCILIO DACOL NETO

11
1

that would be 18 exabits or 18 e3 petabits or 18 e6 terabits or 18 e9 Gigabits. – MARCILIO DACOL NETO Jun 27 '21 at 15:41

score 0 · Answer 9 · answered Jul 30 '21 at 16:17

Max length for MD5 input : largest definable and usable stream of bit A stream of bit definition constraints can depend on operating system, hardware constraints, programming language and more...

Length for MD5 output : Fixed-length always 128 bits For easier display, they are usually displayed in hex, which because each hex digit (0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F) takes up 4 bits of space, so its output can be displayed as 32 hex digits. 128 bits = 16 bytes = 32 hex digits

Maximum length for MD5 input/output

9 Answers9

Linked

Related