| 12:36 pm on Nov 3, 2005 (gmt 0)|
It's a one-way process that can't be reversed. Even brute-force techniques won't give you the original value.
| 1:17 pm on Nov 3, 2005 (gmt 0)|
See this thread: [webmasterworld.com...]
| 1:18 pm on Nov 3, 2005 (gmt 0)|
|It's a one-way process that can't be reversed. Even brute-force techniques won't give you the original value. |
Original value can be guessed with dictionary based attack.
| 2:12 pm on Nov 3, 2005 (gmt 0)|
|Original value can be guessed with dictionary based attack |
As different inputs can in theory return the same MD5 hash you can never be certain that you've determined the original string.
| 2:22 pm on Nov 3, 2005 (gmt 0)|
|As different inputs can in theory return the same MD5 hash you can never be certain that you've determined the original string. |
Not true -- MD5 hash is guaranteed to be unique for a given string - even one bit change would ensure MD5 hash is different. That's why its used for integrity checks - if you were right then it would not have been reliable method.
| 2:27 pm on Nov 3, 2005 (gmt 0)|
Actually Chirp is correct - it is indeed possible to have two identical MD5 hash results from two different strings.
It's one of MD5's weaknesses. It's no longer recommended as secure.
You can read up on MD5 here, which also has links to various projects and applications designed for reverse engineering MD5 hash codes:-
| 2:40 pm on Nov 3, 2005 (gmt 0)|
|it is indeed possible to have two identical MD5 hash results from two different strings. |
Its called a collision and it can happen to any hash. The issue is that how often it happens - they are extremely rare with MD5, more importantly if you read research you will see that collisions are found by manipulating big data sizes, try finding collision for something simple like "password0438040".
The bottom line is this: collisions are very rare, so if you have some text that results in desired MD5 hash then you can be almost certain that that text is the "password" you needed. And even if its not it will still work because IF its a collision then your password will be deemed as good as the original one -- the hash is the same!
| 4:38 pm on Nov 3, 2005 (gmt 0)|
|IF its a collision then your password will be deemed as good as the original one -- the hash is the same! |
MD5 is pretty good - certainly up to scratch for most hashing purposes. I was pulling you up on your original statement:-
|MD5 hash is guaranteed to be unique for a given string |
.... (your emphasis) which is not correct.
| 4:41 pm on Nov 3, 2005 (gmt 0)|
But collisions are the rare and the actual subject of discussion was actual feasibility of decrypting original string which can be done with dictionary attack -- in the highly unlikely event of the collision a different string will be found resulting in the same hash (and thus being as good as original string for most cases), with added bonus of allowing you to make some headlines in crypto world for finding simple MD5 collision :)
| 6:22 pm on Nov 3, 2005 (gmt 0)|
Just to throw this out
- The Chinese team last year algorithmically found MD5 collisions, which is the main reason it is no longer considered secure. I would guess that it's just a matter of a few years of research and computing horsepower and lots of people will be able to crack MD5 strings.
- Lord Majestic, sorry but "guaranteed" is not the same as "highly likely" or "rare". Absolute pronouncements are guaranteed to get pedants in a fluff. Or is it highly likely that they will. Not sure ;-)
LM and TJ - you know that is my hopefully not too distasteful attempt to tease right!
I think everyone pretty much agrees. It's very very hard to find collisions and very unlikely that a given short string will collide with another short string. With the exception of 1 Chinese team, MD5 hashes are cracked via dictionary attacks. Can we leave it there and move on?
| 4:17 am on Nov 6, 2005 (gmt 0)|
This is interesting!
one-way propiety of MD5 hash ==> imposibility of reversibility
one-way propiety of MD5 hash =/=> imposibility of decription
two different things.
any way, encription is a numerical process (analitical math, not pure math), then is subject to computing power posibilities more than over a logical demonstration.
brute-force or dictionary attacks always will be posible. and finally succesful. the unique defense is to be superior in computing capatibility (luxury of few people, but exists them).
besides a winner of lottery win guessing (random) and not decripting. how defense there is against that?
MD5 is death, that's true. then what? I use it for send passwords from browser to server. But i don't worry about it (I dont't protect a bank). but not for that we will be quite, let's look for alternatives. (sorry for my english, i hope write with sense)
please, you now...
| 4:49 pm on Nov 6, 2005 (gmt 0)|
I think that is a good distinction. Decryption and reversibility are not the same.
I don't know the details of the Chinese research team's solution, but I know they did not crack MD5 with dictionary or similar attacks as that has long been possible. As I understand it, they have been able to find collisions algorithmically, but I am not sure that their algo allows you to find collisions for any given hash ($10,000 prize for the person who does that, and I'm not sure they collected), or if it allows them to generate two strings that will collide.
| 5:37 pm on Nov 6, 2005 (gmt 0)|
you must have md5 hashed passwords in your database.
see this: [pajhome.org.uk...] (yahoo use exactly this implementation, thanks to Paul Johnston)
only an advise:
don't forget clean plain password input before send it.
but, what next SHA-1? (see same link above)
| 5:39 pm on Nov 6, 2005 (gmt 0)|
The only way of preventing the brute force method is "3 times and then lock" method.
md5 is not dead. It's not as if someone broke it... You still cannot reverse it algorythmically, only by checking every combination/dictionary
For simple password protection it is still usable.
To improve the quality of my decryption I hash not just the password, but
"username.password" string, which with unique username and no dots allowed gives me more security - even if you find the collision it needn't necessary be that collision.
Best regards all!
| 5:55 pm on Nov 6, 2005 (gmt 0)|
You right: "3 times and then lock" method is totally implementable on web.
I too send the username md5 encripted (it's necessary have it same on database, of course)
I use too a random number in some place, than do not be sent it through web, only mantain on server.
ergophobe please tell us about it if you implement something similar.
| 5:42 pm on Nov 8, 2005 (gmt 0)|
| 8:54 pm on Nov 8, 2005 (gmt 0)|
To the OP there are sites that have huge databases of hashes that you can query. Look in google for them.
| 10:09 pm on Nov 8, 2005 (gmt 0)|
Great suggestion. I pulled two user passwords out of my DB and tried them on three MD5 hash lookup DBs. One site found one password, the others failed.
Good idea though.
| 10:15 pm on Nov 8, 2005 (gmt 0)|
|To the OP there are sites that have huge databases of hashes that you can query. |
That's the dictionary based attack I mentioned in the beginning of this thread.