MD5 digests have been widely used in the software world to provide some assurance that a downloaded file has not been altered. A user can compare a published MD5 sum with the checksum of a downloaded file. Unix based operating systems include MD5 sum utilities in their distribution packages, whereas Windows users use third-party applications. Now that it is easy to generate MD5 collisions, though, it is possible for the person who creates the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. It is also often the case that the checksum cannot be trusted (for example, it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.
MD5 is widely used to store passwords. A number of MD5 reverse lookup databases exist, which make it easy to decrypt password hashed with plain MD5. To prevent such attacks you can add a salt to your passwords before hashing them. Also, it is a good idea to apply the hashing function (MD5 in this case) more than once—see key strengthening. It increases the time needed to encode a password and discourages dictionary attacks.
