The MD5 hashing algorithm gets bad press because “its insecure”. This post is not about that; MD5 is a hashing algorithm and is a good way of generating a representation of something, without actually needing the thing itself. I was asked about its use the other day so I thought I’d blog it.

One problem with MD5 is that a given input always generates the same output. Therefore, it is possible to generate a table of all (likely) values and their resulting MD5s, then be able to use it as a lookup to find out what makes that result – these are “rainbow tables”. A bit like choosing a password, having a commonly available piece of data (like an integer) means that there is probably a rainbow table with it in. Salting makes it less likely that a decode is available, and in PHP you would do something like this:

$salt = 'myrandomstring';
$hashed_value = md5($salt.$value);