
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Decrypt md5 encrypted string.
Get plain text from md5 encrypted string
compose

5+ Year Member



 
Msg#: 10659 posted 12:26 pm on Nov 3, 2005 (gmt 0)

Hi,

I have an MD5 encrypted string. Now I want to get the original string from this, meaning I want to decrypt it. I searched the PHP manual but could not find out how to do it.

Please help me....

Vineet

 

chirp

10+ Year Member



 
Msg#: 10659 posted 12:36 pm on Nov 3, 2005 (gmt 0)

It's a one-way process that can't be reversed. Even brute-force techniques won't give you the original value.

kamakaze

10+ Year Member



 
Msg#: 10659 posted 1:17 pm on Nov 3, 2005 (gmt 0)

See this thread: [webmasterworld.com...]

Lord Majestic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 1:18 pm on Nov 3, 2005 (gmt 0)

It's a one-way process that can't be reversed. Even brute-force techniques won't give you the original value.

The original value can be guessed with a dictionary-based attack.

chirp

10+ Year Member



 
Msg#: 10659 posted 2:12 pm on Nov 3, 2005 (gmt 0)

Original value can be guessed with dictionary based attack

As different inputs can in theory return the same MD5 hash, you can never be certain that you've determined the original string.

Lord Majestic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 2:22 pm on Nov 3, 2005 (gmt 0)

As different inputs can in theory return the same MD5 hash you can never be certain that you've determined the original string.

Not true -- the MD5 hash is guaranteed to be unique for a given string - even a one-bit change would ensure the MD5 hash is different. That's why it's used for integrity checks - if you were right then it would not have been a reliable method.

trillianjedi

WebmasterWorld Senior Member, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 2:27 pm on Nov 3, 2005 (gmt 0)

Actually Chirp is correct - it is indeed possible to have two identical MD5 hash results from two different strings.

It's one of MD5's weaknesses. It's no longer recommended as secure.

You can read up on MD5 here, which also has links to various projects and applications designed for reverse engineering MD5 hash codes:-

[en.wikipedia.org...]

TJ

Lord Majestic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 2:40 pm on Nov 3, 2005 (gmt 0)

it is indeed possible to have two identical MD5 hash results from two different strings.

It's called a collision and it can happen with any hash. The issue is how often it happens - they are extremely rare with MD5; more importantly, if you read the research you will see that collisions are found by manipulating big data sizes. Try finding a collision for something simple like "password0438040".

The bottom line is this: collisions are very rare, so if you have some text that results in the desired MD5 hash then you can be almost certain that that text is the "password" you needed. And even if it's not, it will still work, because IF it's a collision then your password will be deemed as good as the original one -- the hash is the same!

trillianjedi

WebmasterWorld Senior Member, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 4:38 pm on Nov 3, 2005 (gmt 0)

IF its a collision then your password will be deemed as good as the original one -- the hash is the same!

Exactly.

MD5 is pretty good - certainly up to scratch for most hashing purposes. I was pulling you up on your original statement:-

MD5 hash is guaranteed to be unique for a given string

.... (your emphasis) which is not correct.

TJ

Lord Majestic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 4:41 pm on Nov 3, 2005 (gmt 0)

But collisions are rare, and the actual subject of discussion was the feasibility of decrypting the original string, which can be done with a dictionary attack -- in the highly unlikely event of a collision, a different string will be found resulting in the same hash (and thus being as good as the original string for most cases), with the added bonus of allowing you to make some headlines in the crypto world for finding a simple MD5 collision :)

ergophobe

WebmasterWorld Administrator, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 6:22 pm on Nov 3, 2005 (gmt 0)

Just to throw this out

- The Chinese team last year algorithmically found MD5 collisions, which is the main reason it is no longer considered secure. I would guess that it's just a matter of a few years of research and computing horsepower and lots of people will be able to crack MD5 strings.

- Lord Majestic, sorry but "guaranteed" is not the same as "highly likely" or "rare". Absolute pronouncements are guaranteed to get pedants in a fluff. Or is it highly likely that they will. Not sure ;-)

LM and TJ - you know that is my hopefully not too distasteful attempt to tease, right!

I think everyone pretty much agrees. It's very very hard to find collisions and very unlikely that a given short string will collide with another short string. With the exception of 1 Chinese team, MD5 hashes are cracked via dictionary attacks. Can we leave it there and move on?
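The properties the thread has been arguing about (the digest is deterministic, a one-bit change of the input gives a different digest, there is no inverse function, and a verifier accepts any input with the same digest, original or collision) can be made measurable. The following is an added Python example, not code from this thread; it uses only the standard-library hashlib, and the sample string "password0438040" is the one Lord Majestic mentioned above.

```python
import hashlib


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest: always 32 hex characters (128 bits), whatever the input length.

    A fixed-size output from unbounded input is exactly why collisions must exist,
    even though nobody expects to stumble on one for a short string."""
    return hashlib.md5(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with a single bit flipped (bit 0 is the low bit of the first byte)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def digest_bit_difference(a_hex: str, b_hex: str) -> int:
    """Hamming distance in bits between two hex digests of equal length."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def bits_changed_by_one_input_bit(data: bytes, bit_index: int = 0) -> int:
    """Number of digest bits that change when one input bit flips.

    This is the "even one bit change" claim made measurable: the two digests differ,
    and typically in about half of their 128 bits (the avalanche effect), so a digest
    gives no hint of how close a guess was to the real input."""
    return digest_bit_difference(md5_hex(data), md5_hex(flip_bit(data, bit_index)))


def verifier_accepts(stored_hex: str, candidate: bytes) -> bool:
    """What a password check really does: recompute the digest and compare.

    There is no inverse function to call; the only way back from a digest is to
    propose a candidate and test it, and any candidate with the same digest, the
    original or a colliding string, is accepted."""
    return md5_hex(candidate) == stored_hex


if __name__ == "__main__":
    sample = b"password0438040"  # Lord Majestic's example string
    stored = md5_hex(sample)
    print("digest                :", stored)
    print("same input, same digest:", md5_hex(sample) == stored)
    print("digest bits changed by a 1-bit input change:",
          bits_changed_by_one_input_bit(sample), "of 128")
    print("verifier accepts original :", verifier_accepts(stored, sample))
    print("verifier accepts near miss:", verifier_accepts(stored, b"password0438041"))
```

Run it as a script to see the avalanche count for the sample string; the functions are separated from the printing so they can be reused or tested directly.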

NomikOS

5+ Year Member



 
Msg#: 10659 posted 4:17 am on Nov 6, 2005 (gmt 0)

This is interesting!

I think:

one-way property of MD5 hash ==> impossibility of reversibility
but:
one-way property of MD5 hash =/=> impossibility of decryption
two different things.

Anyway, encryption is a numerical process (analytical math, not pure math), so it is subject to computing power possibilities more than to a logical demonstration.
Brute-force or dictionary attacks will always be possible, and finally successful. The only defense is to be superior in computing capability (a luxury of few people, but they exist).

Besides, a lottery winner wins by guessing (randomly) and not by decrypting. What defense is there against that?

MD5 is dead, that's true. Then what? I use it to send passwords from the browser to the server. But I don't worry about it (I don't protect a bank). But we should not stay quiet because of that; let's look for alternatives. (sorry for my English, I hope I write with sense)

please, you know...

ergophobe

WebmasterWorld Administrator, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 4:49 pm on Nov 6, 2005 (gmt 0)

I think that is a good distinction. Decryption and reversibility are not the same.

I don't know the details of the Chinese research team's solution, but I know they did not crack MD5 with dictionary or similar attacks as that has long been possible. As I understand it, they have been able to find collisions algorithmically, but I am not sure that their algo allows you to find collisions for any given hash ($10,000 prize for the person who does that, and I'm not sure they collected), or if it allows them to generate two strings that will collide.

When you say that you use MD5 to send passwords, do you mean that you do a Javascript hash client-side (like Yahoo's secure login?). I have never implemented this, but it seems like a way to get some of the login security of SSL, but without the need for the certificate and all.

NomikOS

5+ Year Member



 
Msg#: 10659 posted 5:37 pm on Nov 6, 2005 (gmt 0)

Exactly right!
You must have MD5 hashed passwords in your database.

See this: [pajhome.org.uk...] (Yahoo uses exactly this implementation, thanks to Paul Johnston)

Only one piece of advice:
don't forget to clean the plain password input before sending it.

--------------------------------------------------

But what's next, SHA-1? (see the same link above)

mcibor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 5:39 pm on Nov 6, 2005 (gmt 0)

The only way of preventing the brute force method is "3 times and then lock" method.

md5 is not dead. It's not as if someone broke it... You still cannot reverse it algorithmically, only by checking every combination/dictionary.

For simple password protection it is still usable.
To improve the quality of my decryption I hash not just the password, but the
"username.password" string, which with unique usernames and no dots allowed gives me more security - even if you find the collision, it needn't necessarily be that collision.

Best regards all!
Michal Cibor

NomikOS

5+ Year Member



 
Msg#: 10659 posted 5:55 pm on Nov 6, 2005 (gmt 0)

You're right: the "3 times and then lock" method is totally implementable on the web.
I too send the username MD5 encrypted (it's necessary to have it the same in the database, of course).
I also use a random number in some place, which is not sent over the web, only kept on the server.

ergophobe please tell us about it if you implement something similar.

good coding!

NomikOS.-
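The scheme mcibor and NomikOS describe, hashing "username.password" rather than the bare password, keeping a random value only on the server, and locking an account after three failures, put together as an added Python example. This is not code from the thread; it assumes a particular layout for the hashed string ("username.password.secret") and an in-memory account table, both constructed for illustration, and the secret value is a placeholder. An unknown username is answered exactly like a wrong password so the response does not reveal which usernames exist.

```python
import hashlib
import hmac

# Constructed placeholder for NomikOS's "random number kept only on the server".
# A real deployment loads it from configuration; it never travels in a request.
SERVER_SECRET = "constructed-example-secret-do-not-reuse"

# mcibor's "3 times and then lock" threshold.
MAX_FAILURES = 3


def md5_hex(text: str) -> str:
    """Hex MD5 of a UTF-8 string, the digest the thread is discussing."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def salted_hash(username: str, password: str, secret: str = SERVER_SECRET) -> str:
    """Hash "username.password" plus the server secret (assumed layout).

    Binding the username in means two users who chose the same password get
    different digests, and the secret means a precomputed table of md5(password)
    values cannot match either of them."""
    if "." in username:
        # mcibor's rule: no dots in usernames, so the join cannot be ambiguous.
        raise ValueError("usernames may not contain '.'")
    return md5_hex(f"{username}.{password}.{secret}")


def digest_counts(users):
    """For (username, password) pairs, return how many distinct digests the
    users produce when hashed plain versus with salted_hash()."""
    plain = {md5_hex(pw) for _, pw in users}
    salted = {salted_hash(u, pw) for u, pw in users}
    return len(plain), len(salted)


class AccountStore:
    """In-memory user table with per-account failure counting and lockout."""

    def __init__(self):
        self._accounts = {}  # username -> {"digest": str, "failures": int, "locked": bool}

    def register(self, username: str, password: str) -> None:
        self._accounts[username] = {
            "digest": salted_hash(username, password),
            "failures": 0,
            "locked": False,
        }

    def login(self, username: str, password: str) -> str:
        """Return "ok", "bad-password" or "locked"."""
        account = self._accounts.get(username)
        if account is None:
            return "bad-password"  # same answer as a wrong password
        if account["locked"]:
            return "locked"
        # compare_digest keeps the comparison time independent of how many
        # leading characters happen to match.
        if hmac.compare_digest(salted_hash(username, password), account["digest"]):
            account["failures"] = 0
            return "ok"
        account["failures"] += 1
        if account["failures"] >= MAX_FAILURES:
            account["locked"] = True
            return "locked"
        return "bad-password"

    def is_locked(self, username: str) -> bool:
        return self._accounts[username]["locked"]


if __name__ == "__main__":
    # Constructed sample accounts: three users who all chose the same password.
    sample = [("alice", "password0438040"), ("bob", "password0438040"),
              ("carol", "password0438040")]
    print("distinct digests (plain, salted):", digest_counts(sample))
    store = AccountStore()
    store.register("alice", "password0438040")
    for guess in ("letmein", "hunter2", "qwerty", "password0438040"):
        print(f"{guess!r:20} -> {store.login('alice', guess)}")
```

The structure is the thread's; on a current PHP system the md5_hex call would be replaced by password_hash()/password_verify(), which use a slow algorithm and store a random per-user salt themselves, so the username binding and the server secret become defence in depth rather than the only protection.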

ergophobe

WebmasterWorld Administrator, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 5:42 pm on Nov 8, 2005 (gmt 0)

It depends on how secure I think it needs to be. I know about the Javascript MD5 routine and have looked at it, but haven't actually used it.

webprofessor

5+ Year Member



 
Msg#: 10659 posted 8:54 pm on Nov 8, 2005 (gmt 0)

To the OP: there are sites that have huge databases of hashes that you can query. Look in Google for them.

ergophobe

WebmasterWorld Administrator, a WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 10659 posted 10:09 pm on Nov 8, 2005 (gmt 0)

Great suggestion. I pulled two user passwords out of my DB and tried them on three MD5 hash lookup DBs. One site found one password, the others failed.

Good idea though.

Lord Majestic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 10659 posted 10:15 pm on Nov 8, 2005 (gmt 0)

To the OP there are sites that have huge databases of hashes that you can query.

That's the dictionary based attack I mentioned in the beginning of this thread.

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved