URGENT: Can a hacker get users passwords using this link

webstar

New Member

Join Date: Apr 2004

Posts: 12
- Share
- Tweet
#16

Sat 8 May '04, 3:18pm

Originally posted by bangbang

An MD5 is a one way hash only and isn NOT reversable if a user does obtain it. Doesn't matter how much processing power, time or dictionary based scripts they run against it, just can't be done.

True, but what's to stop someone who knows the outcome of a straight MD5 hash without a salt trying to recreate the same MD5 hash themselves by brute force?

Let's say the plaintext password is 'ABC' and the MD5 hash of this is '123'.
If I knew the output hash value is '123', could I not try different plaintext passwords until I got an MD5 output hash value of '123'? Then wouldn't I have a valid plaintext password?

I'm not suggesting it's reversable, but without a salt value, the MD5 hash will always work in exactly the same.
Comment

Announcement