I read somewhere MD5 is broken in terms of collision, but I am wondering if it is broken in terms of pre-image resistance?
Given a hash of Md5, is it possible to find the original message of it? If so, what would be the complexity and time to crack it?
The only published faster-than-brute-force preimage attack I can find is this one from 2009 by Yu Sasaki and Kazumaro Aoki.
From their abstract:
This attack, with a complexity of $2^{116.9}$, generates a pseudo-preimage of MD5 and, with a complexity of $2^{123.4}$, generates a preimage of MD5. The memory complexity of the attack is $2^{45}\times 11$ words.
In short, this is not practical at all.
