How to decrypt MD5?


Viewed 53,481 times

43

If I have the following code $senha = md5("senha") and send $senha to the database, it should be possible to recover this MD5 from the database and show "password" back on an information update form, no?

Is that possible, or can a string encrypted in MD5 not be decrypted?

  • 2

    "MD5 calculates the MD5 hash of a string"; it is not encryption, although it is often used to "encrypt" passwords. The most it does is generate a comparison hash. By the way, what is the reason for reversing the user’s password? If he forgot it, just create a new one.

  • 2

    Imagine that some error occurs and leaks user data, or gives access to the DB: anyone with the 'pseudo-encrypted password' could reverse it. Which wouldn’t be good.

  • 3

    Related: "How to hash passwords securely?". Briefly, you don’t "decrypt" MD5, since it is a hashing function, not a cipher (such as AES or similar). To check whether new data is equal to previously hashed data, you hash the data again and compare it with the stored hash (equal data generates equal hashes). But as the linked question shows, you should not use MD5 to secure passwords.

  • 1

    MD5 is not encryption. It’s hash. If it’s not encryption, there’s no decryption. If you take 1TB of data or a single byte and generate the MD5 of both, you will get a hash of the same size. If it were possible to "decrypt" the hash and get the 1TB back, you would have the best data compactor in the Universe! rs... What exists are hash dictionaries, which store data that has been processed and thus can obtain the original information from the hash.

  • Have any answers solved the problem? Do you think you should accept any?

  • Hello, on this site you can decrypt md5: http://www.md5online.org/

  • 1

    Pigeonhole principle: if 9 pigeons enter 8 houses, at least 2 pigeons will have to share a house. Since MD5 has only 128 bits, there are numerous passwords that generate the same MD5. Of course, as it is a high quality hash, an accidental collision is unlikely. What people try, to discover commonly used passwords, are the "Rainbow Tables". Sometimes searching for the MD5 in Google results in the original string (or rather, the most likely original string, because as said, there are infinite strings that generate the same hash).


4 answers

57


That is not possible.

The MD5 string does not have the information that was encrypted in its contents. It is a unique representation of the original string but does not contain an encrypted version of the original content.

MD5 is referred to as a one-way function; that is, once encrypted, there is no way to decrypt it.

To better understand it can be said that what is stored in the database is not the password but the MD5 representation of it. When you enter the password again the MD5 will generate the same string and it will work, but the password is lost/exchanged by the new encrypted string in MD5.

An MD5 string has 128 bits regardless of the size of the original content. That means there are 2^128 possible hashes.

You can take a look at a good question and answers in English on SOen here.

  • 3

    Just to complement, the only way is to "break" the MD5, that is, use some method of brute force. There is such a website here: http://www.hashkiller.co.uk/md5-decrypter.aspx where they use a database with known hashes to decode MD5.

  • 1

    You cannot simply assume that it is not possible to "break" the MD5, because through the "previous knowledge library method" as @g.carvalho97 said it is possible to break several hashes (but not all).

  • 1

    @Pauloroberto it is not possible to decrypt a hash because there are several strings that can give the same hash. Unlikely but possible. Hence my answer. You can’t tell because it’s not there. It may be possible to match, but as I said it may be the wrong string, since there is a limited number of hashes and the possible strings are unlimited.

  • 1

    @Sergio why I said (but not all) but you agree with me that many can be broken? mainly the most used like 12345, or 2468 or pass, password, pasw, among others

  • 1

    @Pauloroberto yes, not forgetting that if we find a string that generates a hash that we are trying to break there may be more representations for the same hash.

  • @Sergio, I’m sorry to relive the discussion, but I was thinking about reviewing these comments, and I wanted to ask you something. You said that "there are several strings that can give the same hash." Good but if I only find one of these strings would be enough wouldn’t it? After all what the application will validate is if the hash === hash in the database then even if there are other hashes all of them will give true and will log in, my theory remains the same.. would not be?

  • Actually Mrs. Wang has already broken MD5, and there is an app to do this here; here is another example.

  • In addition, there is collision on md5: https://www.mscs.dal.ca/~Selinger/md5collision/


35

What is the MD5?

MD5 is a technique to generate a hash code. It is a code that seeks to be a unique representation of a piece of information (there are no guarantees that it has no collisions, that is, the same code for two different pieces of information). It is not made to encrypt information. This should already be clear according to what has already been said here in comments and responses. This is used to create a difficult data access.

The problem with MD5 is that it is possible to break its security. It’s not something simple to do but it is possible. If you really want to do this, you should be prepared not only to study the subject a lot but also to be willing to get what you want. Breaking security is not the same as discovering its original content.

MD5 to protect passwords

There is no reason to reverse a password encoding other than to do something illegal. If you want to break a password that you cannot (even on your own systems, in every sense), breaking a password can be illegal. If you lost the password, create another one; don’t try to figure out what the password was.

If you just want to compare to know if the password sent to the system is valid then you should apply the hash MD5 on it and compare the two hashes. Anyway simply using pure MD5 is not good practice (read the link above).

Reversible encryption

If you need to encrypt something that relies on reversal, decryption, for some reason, you should use an algorithm that allows this (symmetrical encryption). Of course, such an algorithm has its safety deficiencies. Reversible algorithms have the basis of security by concealing the encryption key. If someone has the key, the encryption is compromised. Then the problem to pass is to protect the key well. But as far as I know no one has managed a better way to solve this problem.

In cases where this is important it is common to use keys that complement each other to perform the operation. This is used in encryption for content encoding and communication as used in SSL, file encryption and pay TV channels (asymmetrical cryptography).

In some cases the key may change frequently making its discovery and use more difficult. When someone discovers the key it is no longer used. Evidently this is more useful in unstable content (TV broadcast for example). It is possible to apply to a disk file but it takes work to do it in a minimally safe way.

Completion

Breaking security usually uses various techniques together. And the most commonly used is social engineering, that is, using the 171 (origin of the popular term) to get what you want. Humans are much easier to dribble than equipment, than mathematics.

Try to use this.

17

MD5, speaking in popular language, is a one-way hash.

There is no information to reverse the hash to the original value.

A few years ago, several websites offered solutions to "reverse" the hash, and this causes a certain confusion because those who do not understand the subject end up believing that MD5 is reversible. What these sites offer is the so-called Rainbow table. The technique consists of the same logic as "brute force".

Rainbow Tables are only databases containing strings and their respective values in MD5.

This scheme works only for hashes without "salt".

The logic is simple. A script automatically generates, in an "infinite loop", all kinds of possible character combinations. Within this loop, the MD5 hash of this combination is also generated and saved in a database, which has a pseudonym known as "Rainbow table".

Currently, several websites guarantee to have combinations of 5 full characters and almost completing 6 characters.

To better understand, see an example of the logic involved:

Size 1 character combinations and their respective MD5

 a -> 0cc175b9c0f1b6a831c399e269772661
 b -> 92eb5ffee6ae2fec3ad71c777531578f
 c -> 4a8a08f09d37b73795649038408b5f33

And so it goes on until generating MD5 of all character types, including numbers and multibyte characters

あ -> 8c0c3027e3cfc3d644caab3847a505b0
い -> 655dcb0e6519c34baf6d9d53e1932389
う -> 31e55ff7f86aaee740277059a9983d89
□ -> 8c8586b6fb99a8815eeec4ea97e6222d

It seems easy to generate the hashes, however, it is necessary to create the combinations. Here we have an example of size 2:

ab -> 187ef4436122d1cc2f40dc2b92f0eba0
ac -> e2075474294983e013ee4dd2201c7a73
ba -> 07159c47ee1b19ae4fb9c40d480856c4
bc -> 5360af35bde9ebd8f01f492dc059593c
ca -> 5435c69ed3bcc5b2e4d580e393e373d3
cb -> d0d7fdb6977b26929fb68c6083c0b439

So far it seems easy, but imagine 5 combinations. How many possible combinations are there in 5 positions?

abcde -> ab56b4d92b40713acc5af89985d4b786
acbde -> e0e56a95aff0ee48fc44e8a4faf69adb
adbce -> a44a7eb2135809f67ce273e0de8b52cb

Even with size 5, it doesn’t seem difficult if we only deal with Roman alphabet and numbers, but remember that you should also include special/multibyte characters. At this point the combinations pass trillions of records.

How do these sites return the value of a hash?

Just looking in the database.

select original from rainbowtable where hash = 'ab56b4d92b40713acc5af89985d4b786'

This would return "abcde", if it is already saved in the database.

Therefore, it is recommended to avoid short passwords, smaller than 6 characters and also passwords containing simple characters.

Simple password example, where obviously Rainbow Tables sites already have their hashes:

abc
111
123
abc123
senha
passord
user
admin
123456
111111

When creating a password, try to do at least something like this:

j&SCjV:Kd#A!6VN7x=eY

Mix special characters, uppercase and lowercase letters, numbers. Finally, the larger and more complex, the less likely it is to exist in a Rainbow table or be broken by brute force.

Password recovery

it should be possible to recover this MD5 in the database and show "password" of back on an information update form, no?

A website that returns the original password to the user is insecure. When you find a website that does this, avoid using it if you have important information, especially financial transactions.

A website that can see the password typed by the user, hurts basic privacy and security rules because even a hosting server administrator or the website programmer can be malicious and get the user passwords.

An aggravating factor in this is that most users use the same password for everything. Email services, social network accounts, even credit card password.

That is, if you get the password, you will have the passport for almost all or all accounts that this user has in third-party services.

The same 1234 password, which is used on facebook, is also used on credit card, debit card, email and various services. Unfortunately the user gives up his own security for "practicality".

(The term facebook is a mere example. Obviously facebook does not allow such a password.)

At this point comes the responsibility of service providers in forcing the user to create complex passwords. Complexity depends on the service's business model.

Final remark: there are also Rainbow Tables of other hashes like sha1, des, crypt16, among others.

  • Excellent answer! Add-on with a site that performs simple conversions: https://md5.gromweb.com/?md5=4012dd35d6cbfb0f33faa6981db70f88
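The precomputed table described in the answer above, as an added Python example (not code from the post): it builds a plain hash-to-string lookup over a small alphabet, shows that a salted value misses the table, and counts how the table size grows with alphabet and length. The alphabet, the salt value and the function names are constructed for this example; a real rainbow table compresses the same idea with hash chains.

```python
import hashlib
from itertools import product
from typing import Dict, Optional


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def build_table(alphabet: str, max_len: int) -> Dict[str, str]:
    """Precompute hash -> original for every string of 1..max_len characters."""
    table = {}
    for length in range(1, max_len + 1):
        for combo in product(alphabet, repeat=length):
            word = "".join(combo)
            table[md5_hex(word)] = word
    return table


def lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """Same job as: select original from rainbowtable where hash = ?"""
    return table.get(digest.lower())


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Rows needed to cover all strings of 1..max_len characters."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    table = build_table("abcde", 5)        # constructed toy alphabet
    print(len(table), keyspace(5, 5))      # both counts are equal
    # Hash quoted in the answer for "abcde":
    print(lookup(table, "ab56b4d92b40713acc5af89985d4b786"))
    salt = "9f1c"                          # constructed per-user salt
    # Salted hash of the same password: not a row in the table
    print(lookup(table, md5_hex(salt + "abcde")))
    # Printable ASCII (95 symbols): 6 characters versus 20 characters
    print(keyspace(95, 6), keyspace(95, 20))
```
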

2

When you encrypt a password and write to the database it is not necessary to decrypt to know if it is correct. You must encrypt the one that was informed at the time of authentication and compare it to the one that was recorded in the database.

-- :usuario_informado and :senha_informada are bind parameters supplied by the application
select *
from user
where usuario = :usuario_informado
and senha = md5(:senha_informada)
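The compare-instead-of-decrypt flow from the answers, as an added Python example (not code from any of the posts): it stores a salted PBKDF2 hash rather than bare MD5 and upgrades a legacy md5() row the first time its owner logs in. The record format, the iteration count and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, password: str) -> Tuple[bool, Optional[str]]:
    """Check a login attempt against the stored value.

    Returns (ok, replacement). replacement is a new record to write back when a
    legacy bare-MD5 row matched, so old rows are upgraded at login time.
    """
    if stored.startswith("pbkdf2_sha256$"):
        _, iterations, salt_hex, digest_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        # Constant-time comparison of the recomputed and stored digests
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex)), None
    # Legacy row: 32 hex characters written by md5($senha)
    legacy = hashlib.md5(password.encode()).hexdigest()
    if hmac.compare_digest(legacy.encode(), stored.lower().encode()):
        return True, hash_password(password)
    return False, None


if __name__ == "__main__":
    row = hashlib.md5(b"senha").hexdigest()   # constructed legacy row
    ok, new_row = verify_password(row, "senha")
    print(ok, new_row)                        # new_row replaces the MD5 column
    print(verify_password(new_row, "senha"))
```

The password is never recovered at any point: a forgotten password is handled by issuing a reset and storing a new record from `hash_password`.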
