This document discusses weaknesses in the MD5 hashing algorithm for password encryption and proposes modifications to strengthen it. It begins by introducing MD5 and how it is commonly used to hash passwords for storage. However, MD5 is vulnerable to dictionary and rainbow table attacks. The document then suggests three modifications to MD5 to improve security: 1) Adding a salt value to each hashed password, 2) Iteratively hashing the password multiple times, and 3) Adding a random prefix or suffix to each hashed value before storage. These modifications aim to strengthen MD5 against cracking attempts.

1. ISSN: 2312-7694
Sukhmanjit et al, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 698-700
698 | P a g e
© IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com
Modified MD5 Algorithm for Password
Encryption
Sukhmanjit Kaur
Department of Computer Science
Guru Nanak Dev University
Amritsar, India
sukhmanjit_kaur@yahoo.com
Prabhsimran Singh
P.G. Deptt of Computer Science and Applications
Khalsa College
Amritsar, India
prabh_singh32@yahoo.com
Abstract— Hashing algorithms are commonly used to convert
passwords into hashes which theoretically cannot be deciphered. This
paper presents one of the most famous hashing algorithm MD5, and
suggests the possible improvements that could be made to MD5
algorithm in order to make it more secure. This paper also shows why
it is important to encrypt passwords in any system.
Index Terms— MD5, Hashing, Password Encryption, Data
Security.
I. INTRODUCTION
With the advent of computer technology, it became more
productive to store information in databases instead of storing
in paper documents. Web applications, needing user
authentication, typically validate the input passwords by
comparing them to the real passwords, which are commonly
stored in the company’s private databases. If the database and
hence these passwords were to become compromised, the
attackers would have unlimited access to these users’ personal
data/information. Nowadays, databases use a hash algorithm to
secure the stored passwords but there are still security
breaches. Recently in 2014, Sony was hacked, in 2012 Russian
hackers released a big list of cracked passwords from the well-
known social networking sites including LinkedIn. These
attacks were found to be successful due to the use of weak
security algorithms.
II. ABOUT MD5
MD5, is the full name of the Message-digest Algorithm 5,
is the fifth generation on behalf of the message digest
algorithm. In August 1992, Ronald L.Rivest submitted a
document to the IETF (The Internet Engineering Task Force)
entitled “The MD5 Message-Digest Algorithm”[1], which
describes the theory of this algorithm. For the publicity and
security of algorithm, it has been widely used to verify data
integrity in a variety of program languages since the 1990s.
MD5 was developed from MD, MD2, MD3 and MD4. It
can compress any length of data into an information digest of
128bits (16-byte) hash value, typically expressed in text
format as a 32 digit hexadecimal number as shown in figure 1.
The MD5 segment message digest often claims to be a digital
fingerprint of the data. This algorithm makes use of a series of
non-linear algorithm to do the circular operation, so that
crackers cannot restore the original data. In cryptography, it is
said that such algorithm as an irreversible algorithm, can
effectively prevent data leakage caused by inverse operation.
Figure 1: MD5 Conversion
III. MD5 IN PASSWORD ENCRYPTION
It is highly insecure to store passwords in plaintext in the
database. In order to increase the security of passwords, MD5
algorithms can be used to hash the original passwords and the
hash values, instead of the plaintext are stored in the
database[2]. Figure 2 shows the password in database saved in
form of plaintext.
Username Email_ID Password
Raman ramanarora@yahoo.com coolraman
Ravi raviparkash@gmail.com 123ravi123
Parneet Parneet22@yahoo.com pari123parneet
Figure 2: Password in Plain Form
Username Email_ID Password
Raman ramanarora@yahoo.com
a4302a40097d9e4b18
5fae487a5e1c41
Ravi raviparkash@gmail.com
f03b18d410ce4cb80
910f0218eb0a99b
Parneet Parneet22@yahoo.com
99557b213e10ddba9
e618eb5653d9d5c
Figure 3: Password in Hashed Form

2. ISSN: 2312-7694
Sukhmanjit et al, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 698-700
699 | P a g e
© IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com
Figure 4: Authentication Process
Figure 3 shows password encrypted with MD5 Hashing, it is
clear that it makes the data highly secure if password is stored
in encrypted form.
During authentication, the input password is also hashed
by MD5 in a similar way, and the result hash value is
compared with the hash value in the database for that. Figure
4, shows how authentication process takes place.
IV. SECURITY ANALYSIS OF MD5
MD5 algorithm is prone to two main types of attack,
Dictionary attacks and rainbow tables[3, 4].
A. Dictionary Attack
In dictionary attacks, an attacker tries all the possible
passwords in an exhaustive list called a dictionary. The
attacker hashes each password from the dictionary and
performs a binary search on the compromised hashed
passwords. This method can be made much quicker by
precomputing the hash values of these possible passwords and
storing them in a hash table.
B. Rainbow Attack
Rainbow tables are made up of hash chains and are more
efficient than hash tables as they optimize the storage
requirements, although the lookup is made slightly slower.
Rainbow tables differ from hash tables in that they are created
using both reduction and hash functions. Reduction functions
convert a hash value to a plaintext. The plaintext is not the
original plaintext from which the hash value was generated, but
another one. By alternating the hash function with the
reduction function, chains of alternating passwords and hash
values are formed. Only the first (chain’s start point) and last
plaintext (chain’s end point) generated are stored in the table.
To decipher a hashed password, we first process the hashed
password through reduction functions until we find a match to
a chain’s end point. We then take that chain’s corresponding
start point and regenerate the hash chain and find the original
plaintext to the hashed password. Rainbow tables are very
easily available online now. There are many password cracking
systems and websites that use rainbow tables also, for example,
OphCrack. Of course, using rainbow tables do not guarantee a
100% success rate of cracking password systems. However, the
bigger the character set used for creating the rainbow table and
the longer the hash chain length, the bigger will be the rainbow
table.
V. MODIFICATIONS FOR IMPROVED SECURITY
The following modifications can be made to MD5 hashing, in
order to make it more secured[5, 6].
A. Salting
A salt is a secondary piece of information made of a string of
characters which are appended to the plaintext and then
hashed. Figure 5, shows example of MD5 with salting.
Figure 5: MD5 with Salting

3. ISSN: 2312-7694
Sukhmanjit et al, / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (5), 2015, 698-700
700 | P a g e
© IJCCSE All Rights Reserved Vol. 02 No.05 Oct 2015 www.ijccse.com
B. Iterative hashing
The password is hashed a number of times. MD5 is a fast
hashing function, that is, it is computationally fast to calculate.
Iterative hashing makes the calculation slower, hence
computationally slower and more difficult to crack. Figure 6
shows the iterative Hashing Approach.
C. Prefixes and suffixes algorithm
After encoding the MD5, you can save MD5 HASH and the
original text of passwords with random characters together,
and then conduct the comparison after adding this new version
before and after the original text. The randomness is a major
obstacle to decrypt. Figure 7 shows, result of adding suffix to
MD5.
Figure 6: Iterative MD5 Approach
Figure 7: Adding Suffix to MD5
VI. CONCLUSIONS
Password storage security is one important aspect of data
security as most systems nowadays require an authentication
method using passwords. Hashing algorithms such as MD5
are commonly used for encrypting plaintext passwords into
strings that theoretically cannot be deciphered by hackers.
However, with time, attacks became possible through the use
of dictionary tables and rainbow tables. In this paper, different
modifications were discussed that can be made to existing
MD5 algorithm inorder to make it more secure and
unbreakable.
REFERENCES
[1]. R. Rivest. The MD5 Message-Digest Algorithm
[rfc1321], 1992.
[2]. Xiaoling Zheng, JiDong Jin, Research for the Application
and Safety of MD5 Algorithm in Password
Authentication, 9th International Conference on Fuzzy
Systems and Knowledge Discovery, 2012.
[3]. Wang Xiaoyun, Chen Yin ru. Collision Analysis for
Every Round Function of the MD5, 1996.
[4]. Wang Xiaoyun. How to Break MD5 and Other Hash
Functions, 2005.
[5]. Zhang Shaolan, Xing Guobo, Yang Yixian, Improvement
and Security Analysis on MD5 [J]. Computer
Application, 2009, vol. 29(4):947-949.
[6]. H. Mirvaziri, Kasmiran Jumari, Mahamod Ismail, Z.
Mohd Hanapi, A new Hash Function Based on
Combination of Existing Digest Algorithms , The 5th
Student Conference on Research and Development –
SCOReD 2007, 11-12 December 2007, Malaysia.