Is it possible to keep same md5 checksum of a file after content modification?

Question

Many websites put md5 checksums for downloadable files so users can verify the string against their downloaded file's md5. Can someone modify the content of the original file but still keeping the original md5 checksum?

Answer 1

Typically changing a single bit in the file will change approximately 50% of the bits in the hash.

It is not probable to make a change and have the same hash even with MD5

Note that finding a collision to a known hash is harder than just finding any collision. on average for MD5 it will take 2^127attempts and the longer the file the more time each attempt takes.

One should use SHA256 or better. SHA256 only takes about twice as much time as MD5.

Answer 2

Yes, it is possible to modify a file without changing the MD5 checksum. That is why it is important to move to more secure hashing algorithms like SHA-256. For security purposes, MD5 and SHA-1 are pretty much considered to be deprecated.

Wikipedia has a section about MD5's security issues:

https://en.wikipedia.org/wiki/MD5#Security

Answer 3

The idea of the md5 checksum is that every bit on the original file remains the same. Although the algorithm may have collisions, it's mostly improbable that the md5 remains the same. So you should update the md5 file as well for the tools that check it or remove it completely so those tools checking it would fail.

If you update the original and keep the old md5, than you are banning the tools which cares about checksum.

Answer 4

It depends upon the context you're talking about. If you're asking if random changes to a file will ever result in a file with the same MD5, then the answer is yes it is theoretically possible but it is extremely unlikely. On the other hand if you are talking about a situation which has an active attacker, then yes, it is far more likely. MD5 is no longer considered cryptographically secure.