Announcement

Collapse
No announcement yet.

I can decrypt MD5

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • I can decrypt MD5

    For those of you that thinks MD5 is safe, i can decrypt a lot of MD5 strings.

    At the moment i can only decrypt strings between 1 and 7 characters that consists of capital letters and numbers.

    for instance

    123456R or HELLO or DREAMER or BIRD666


    post your md5 that consists of capital letters and/or numbers, and I will prove it to you
    My site
    www.coolservice.dk

  • #2
    You're not decrypting, what you have is called rainbow tables
    And just before anyone asks, vBulletins passwords are not affected by this, because they're hashed twice and salted.
    Best Regards
    Colin Frei

    Please don't contact me per PM.

    Comment


    • #3
      you sure your not just looking at an md5 database? http://md5.rednoize.com/

      Comment


      • #4
        Originally posted by Zonex View Post
        you sure your not just looking at an md5 database? http://md5.rednoize.com/
        Indeed
        Dean Clatworthy - Web Developer/Designer

        Comment


        • #5
          Originally posted by Zonex View Post
          you sure your not just looking at an md5 database? http://md5.rednoize.com/

          yeah Im sure
          that database doesn't hold as many md5 hashes that i can decrypt
          My site
          www.coolservice.dk

          Comment


          • #6
            You can't "decrypt" anything because MD5 hashes aren't "encrypted" forms of anything. And if they were, there would need to be certificate data, which you don't have. You're just guessing at common passwords.
            --filburt1, vBulletin.org/vBulletinTemplates.com moderator
            Web Design Forums.net: vB Board of the Month
            vBulletin Mail System (vBMS): webmail for your forum users

            Comment


            • #7
              Like filburt also mentioned, MD5 is not an encryption, but a hash. The difference between these 2 is that with an encryption-algorythm it is a 2way process encrypt<->decrypt. With a hash this is a 1-way process, there is no decryption possible.

              The only way to guess (you can never be sure, since 2 different originals could lead to the same hash) the original of a hash is to create a database of all possible plaintext->hash (rainbow table). These rainbow tables are different for each exact implementation of the algorythm. I have until now not seen any rainbow table for the multiple MD5 that vBulletin uses. The cahnce that there will ever be one is also very unlikely since it would take years of processing on some heavy duty servers to calculate them.
              Want to take your board beyond the standard vBulletin features?
              Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

              Comment


              • #8
                It's possible to make a rainbow table for multiple MD5 + salts, but depending on the length of the salt, there's over 100 possibilities for one password.

                Comment


                • #9
                  There needs to be a thread with "This is encryption and this is a hash" .......
                  I wrote ImpEx.

                  Blog | Me

                  Comment


                  • #10
                    c16d33e92f948ede8fd0a51ea8c8ee5e . Unhash now. No, it's not profanity.

                    With an MD5 hash string that PHP generates, there are 16^32 possibilities for hashes. That's just about 340,282,366,920,938,463,463,374,607,431,770,000,000 possibilities (sorry about the lack of precision). So, if you could calculate a million MD5 hashes per second, it'll take you about 1078289752455631808069607.9785274 years maximum to get it right.

                    Windows Calculator > *

                    Having said that, this query should show you how many users have duplicate passwords, and therefore stupidly simple passwords in all likelyhood:
                    Code:
                    SELECT COUNT(password) - COUNT(DISTINCT password) FROM user
                    ...if that works in MySQL (fine in PostgreSQL) and if the table is set up as I recall.
                    Last edited by filburt1; Thu 7 Sep '06, 5:37pm.
                    --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                    Web Design Forums.net: vB Board of the Month
                    vBulletin Mail System (vBMS): webmail for your forum users

                    Comment


                    • #11
                      Originally posted by Colin F View Post
                      And just before anyone asks, vBulletins passwords are not affected by this, because they're hashed twice and salted.
                      LOL Salted Do we get cheese with that??
                      MCSE, MVP, CCIE
                      Microsoft Beta Team

                      Comment


                      • #12
                        Originally posted by Joe Gronlund View Post
                        LOL Salted Do we get cheese with that??
                        I'm hungry now. Cheese and crisp buttys, with salt on of course.

                        Comment


                        • #13
                          Originally posted by Gary Bolton View Post
                          I'm hungry now. Cheese and crisp buttys, with salt on of course.

                          Me too
                          MCSE, MVP, CCIE
                          Microsoft Beta Team

                          Comment


                          • #14
                            filburt1, that query won't work because of the salt. Even if 5 people have the same password, the salt will change the second hash.
                            Best Regards
                            Colin Frei

                            Please don't contact me per PM.

                            Comment


                            • #15
                              .....and even without the salt, 2 different passwords could lead to the same hash, so duplicate hashes would not need to mean that the passwords are the same.
                              Want to take your board beyond the standard vBulletin features?
                              Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X