How secure is the md5 hashing algorithm if I know some of the original data

I am planning on using md5 hash to confirm or not a secure operation, part of the original hash data is public and the other part is not:

partnerId : fixed 15 chars string (PUBLIC)
amount: int value, from 0 to 6500000 (PUBLIC)
transactionId: string, 5 to 30 chars (PUBLIC)
secure: string, yet to decide how long it needs to be. (PRIVATE)

      

        
        
        
      

    

Resulting hash md5(partnerId.amount.transactionId.secure);

The protected constant is safe on my partner server and on my server, so in theory we are the only ones who can replicate the hash. But I'm wondering how long a safe variable should be to keep the hash safe, how long is the percentage of the hash compared to the public part of the hash, 80 private / 20 public? 50/50?

Maybe there is an equation to measure?