Announcement

Collapse
No announcement yet.

I can decrypt MD5

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joe Gronlund
    replied
    Originally posted by Erwin View Post
    Hash is illegal in some countries.


    lol

    Leave a comment:


  • Erwin
    replied
    Hash is illegal in some countries.

    Leave a comment:


  • Marco van Herwaarden
    replied
    Originally posted by DirectPixel
    Marco, the probability for collisions with MD5 is one in 2^64. Highly unlikely. We can, for the most part, assume that each hash identifies an unique object.
    I understand what you are saying, but you are assuming that the number of different plaintext values is the same as the length of the hash (2^64). The chance of duplicates will increase with the number of possible input values (ie. bit lenght) for the hash function.

    Leave a comment:


  • DirectPixel
    replied
    Marco, the probability for collisions with MD5 is one in 2^64. Highly unlikely. We can, for the most part, assume that each hash identifies an unique object.

    dreamer81, you cannot decrypt MD5. Why? Let me explain this to you with a simple analogy. Pretend I give you a number, like... 540341239. Let's say that's your hash. Now, can you tell me what parameters I put into a function to make that number? No. But, if I tell you the function, you can plug in any parameter in the world and arrive at your own number.

    This is an example of a one-way hash function.

    What you are doing is brute-forcing the hashes. You go through each and every combination of letters/numbers/etc. and compare the hashes until you arrive at one that matches. However, this is very impractical for you, since almost all applications of MD5 that involves protecting data (such as a password) uses salt values to randomize the MD5 each time. Salt values are not used when you're using MD5 to verify data. But in those cases, the length of the data is almost always longer than 5 or 7 or even 100 digits.

    Now, if you had proclaimed that you could decrypt RSA, AES, or some other equivalent encryption algorithm (as opposed to a hashing algorithm) in a quick and low-resource way on an everyday desktop, then you might be on to something.
    Last edited by DirectPixel; Fri 8 Sep '06, 2:05am.

    Leave a comment:


  • Marco van Herwaarden
    replied
    .....and even without the salt, 2 different passwords could lead to the same hash, so duplicate hashes would not need to mean that the passwords are the same.

    Leave a comment:


  • Colin F
    replied
    filburt1, that query won't work because of the salt. Even if 5 people have the same password, the salt will change the second hash.

    Leave a comment:


  • Joe Gronlund
    replied
    Originally posted by Gary Bolton View Post
    I'm hungry now. Cheese and crisp buttys, with salt on of course.

    Me too

    Leave a comment:


  • MRGTB
    replied
    Originally posted by Joe Gronlund View Post
    LOL Salted Do we get cheese with that??
    I'm hungry now. Cheese and crisp buttys, with salt on of course.

    Leave a comment:


  • Joe Gronlund
    replied
    Originally posted by Colin F View Post
    And just before anyone asks, vBulletins passwords are not affected by this, because they're hashed twice and salted.
    LOL Salted Do we get cheese with that??

    Leave a comment:


  • filburt1
    replied
    c16d33e92f948ede8fd0a51ea8c8ee5e . Unhash now. No, it's not profanity.

    With an MD5 hash string that PHP generates, there are 16^32 possibilities for hashes. That's just about 340,282,366,920,938,463,463,374,607,431,770,000,000 possibilities (sorry about the lack of precision). So, if you could calculate a million MD5 hashes per second, it'll take you about 1078289752455631808069607.9785274 years maximum to get it right.

    Windows Calculator > *

    Having said that, this query should show you how many users have duplicate passwords, and therefore stupidly simple passwords in all likelyhood:
    Code:
    SELECT COUNT(password) - COUNT(DISTINCT password) FROM user
    ...if that works in MySQL (fine in PostgreSQL) and if the table is set up as I recall.
    Last edited by filburt1; Thu 7 Sep '06, 5:37pm.

    Leave a comment:


  • Jerry
    replied
    There needs to be a thread with "This is encryption and this is a hash" .......

    Leave a comment:


  • Tree
    replied
    It's possible to make a rainbow table for multiple MD5 + salts, but depending on the length of the salt, there's over 100 possibilities for one password.

    Leave a comment:


  • Marco van Herwaarden
    replied
    Like filburt also mentioned, MD5 is not an encryption, but a hash. The difference between these 2 is that with an encryption-algorythm it is a 2way process encrypt<->decrypt. With a hash this is a 1-way process, there is no decryption possible.

    The only way to guess (you can never be sure, since 2 different originals could lead to the same hash) the original of a hash is to create a database of all possible plaintext->hash (rainbow table). These rainbow tables are different for each exact implementation of the algorythm. I have until now not seen any rainbow table for the multiple MD5 that vBulletin uses. The cahnce that there will ever be one is also very unlikely since it would take years of processing on some heavy duty servers to calculate them.

    Leave a comment:


  • filburt1
    replied
    You can't "decrypt" anything because MD5 hashes aren't "encrypted" forms of anything. And if they were, there would need to be certificate data, which you don't have. You're just guessing at common passwords.

    Leave a comment:


  • dreamer81
    replied
    Originally posted by Zonex View Post
    you sure your not just looking at an md5 database? http://md5.rednoize.com/

    yeah Im sure
    that database doesn't hold as many md5 hashes that i can decrypt

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X