Which algorithm produces a 128-bit output but is deemed insecure for password representation?

The algorithm that produces a 128-bit output and is considered insecure for password representation is MD5 (Message Digest Algorithm).

MD5 generates a fixed-size 128-bit hash value, which is relatively short, and over time, vulnerabilities have been discovered in the algorithm that compromise its integrity and security. Specifically, MD5 is susceptible to collision attacks, where two different inputs can produce the same hash output. This significantly reduces its effectiveness for cryptographic applications, especially for storing passwords, as it allows attackers to generate or find multiple inputs that will yield the same hash.

Furthermore, because of its speed, MD5 can be brute-forced rapidly by using modern hardware, making it easier for attackers to crack hashed passwords. This is why security professionals recommend against using MD5 for password storage and instead suggest more secure alternatives, such as SHA-256 or stronger hash functions that incorporate salting and are designed to resist such attacks.