RFC 1321 – MD5 Message-Digest Algorithm

Network Working GroupR. Rivest
Request for Comments: 1321MIT Laboratory for Computer Science
and RSA Data Security, Inc.
April 1992

The MD5 Message-Digest Algorithm

Status of this Memo

This memo provides information for the Internet community.It does
not specify an Internet standard.Distribution of this memo is


We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle,
David Chaum, and Noam Nisan for numerous helpful comments and

Table of Contents

1. Executive Summary1
2. Terminology and Notation2
3. MD5 Algorithm Description3
4. Summary6
5. Differences Between MD4 and MD56
APPENDIX A – Reference Implementation7
Security Considerations21
Author’s Address21

1. Executive Summary

This document describes the MD5 message-digest algorithm. The
algorithm takes as input a message of arbitrary length and produces
as output a 128-bit “fingerprint” or “message digest” of the input.
It is conjectured that it is computationally infeasible to produce
two messages having the same message digest, or to produce any
message having a given prespecified target message digest. The MD5
algorithm is intended for digital signature applications, where a
large file must be “compressed” in a secure manner before being
encrypted with a private (secret) key under a public-key cryptosystem
such as RSA.