MD5 is a message digest algorithm. It is officially described in RFC 1321. Basically, by taking the MD5 digest of a string or file, you are getting a 128-bit fingerprint that only that string or file can correspond to, but it can only be done one way. You can not get the original string from the MD5 digest except by brute forcing, which takes ages. One common use of MD5 is for sending passwords without overtly sending the password in plaintext.

When is MD5 used?

There are only two times in the protocol (not including versions later than MSNP7) when MD5 is used: when encrypting your password so it is not sent plaintext, and when replying to challenges.

How do you use MD5?

To use MD5 in a program, your best bet would be looking for a library, module, header, etc. that takes care of the algorithm. If no such library exists for your programming language, you can try to write one from the RFC, or you can run an external program to generate the digests.

Where MD5 is used in the protocol, it's always the MD5 hash of a string (E.G. your password) added to a hash provided by the server. The MD5 hash should be in lower-case and in hexadecimal (your MD5 library should give you an option for this). This digest will always be 32 characters long.

When the server gives you a hash, add your string onto the end of it. For example, if the server gives you the hash abcdefg and your string is 1234567, the input to the MD5 function should be abcdefg1234567. The hexadecimal digest for abcdefg1234567 would be d1713d0f1d2e8fae230328d8fd59de01.

Testing Your MD5 Implementation

To ensure that your implementation of MD5 is working, try to get the digest of 1013928519.693957190mypassword. Your hexadecimal digest should be 6f3963009fc8a9d2b2ff137da0905c55.