Frequently Asked Questions

Q1. I understand how MD5 works, but I can't figure out how to ``decrypt'' the resulting ciphertext. Can you please explain how to decrypt an MD5 output?

A1. MD5 is not an encryption algorithm---it is a message digest algorithm. There should be no feasible way to determine the input, given the output. That is one of the required properties of a message digest algorithm.


Q2. Is there an ``answer guide'' for your text Introduction to Algorithms that you co-authored with Cormen and Leiserson?

A2. No. There is, however, an Instructor's Manual, by Julie Sussman, available from your McGraw-Hill representative, if you are teaching a course based on our text book. This contains answers to a selection of problems and exercises.

You might also be interested in the Errata List.


Q3. What does "RC" stand for in the code designations "RC2", "RC4", "RC5", "RC6"?

A3. "Ron's Code" was the original meaning. However, RC6 was co-developed with Matt Robshaw, Ray Sidney, and Yiqun Yin of RSA Labs, so it is only "Ron's code" in part...


Q4. May I use MD2, MD4, and/or MD5 freely in commercial products?

A4. Yes, you may. See http://www.ietf.org/ietf/IPR/RSA-MD-all for an official position statement.

However, these hash functions are not recommended for use anymore, as their collision-resistance has been shown (by Wang et al.) to be weak. If you need collision-resistance, you might consider NIST's SHA-256 for your application.


Q5. May I use RC2, RC4, RC5, and/or RC6 freely in commercial products?

A5. In general, you should contact RSA Security for a definitive answer to these questions. For RC4, the "official word" is the following: "The mark RC4 is a registered trademark of RSA Security Inc. and may not be used by third parties creating implementations of the algorithm. RSA Security does not hold any patents nor does it have any pending applications on the RC4 algorithm. However, RSA Security does not represent or warrant that implementations of the algorithm will not infringe the intellectual property rights of any third party. Proprietary implementations of the RC4 encryption algorithm are available under license from RSA Security Inc. For licensing information, contact: RSA Security Inc. 2955 Campus Drive, Suite 400, San Mateo, CA 94403-2507, USA, or http://www.rsasecurity.com." (I don't think this precludes using the term "RC4" in scholarly publications, however.) There are no published policies regarding RC2, RC5, or RC6; please contact Burt Kaliski (bkaliski@rsasecurity.com) to discuss your situation.


Return to Ron Rivest's home page.