Welcome to WebmasterWorld Guest from 188.8.131.52
As different inputs can in theory return the same MD5 hash you can never be certain that you've determined the original string.
Not true -- MD5 hash is guaranteed to be unique for a given string - even one bit change would ensure MD5 hash is different. That's why its used for integrity checks - if you were right then it would not have been reliable method.
It's one of MD5's weaknesses. It's no longer recommended as secure.
You can read up on MD5 here, which also has links to various projects and applications designed for reverse engineering MD5 hash codes:-
it is indeed possible to have two identical MD5 hash results from two different strings.
Its called a collision and it can happen to any hash. The issue is that how often it happens - they are extremely rare with MD5, more importantly if you read research you will see that collisions are found by manipulating big data sizes, try finding collision for something simple like "password0438040".
The bottom line is this: collisions are very rare, so if you have some text that results in desired MD5 hash then you can be almost certain that that text is the "password" you needed. And even if its not it will still work because IF its a collision then your password will be deemed as good as the original one -- the hash is the same!
IF its a collision then your password will be deemed as good as the original one -- the hash is the same!
MD5 is pretty good - certainly up to scratch for most hashing purposes. I was pulling you up on your original statement:-
MD5 hash is guaranteed to be unique for a given string
.... (your emphasis) which is not correct.
- The Chinese team last year algorithmically found MD5 collisions, which is the main reason it is no longer considered secure. I would guess that it's just a matter of a few years of research and computing horsepower and lots of people will be able to crack MD5 strings.
- Lord Majestic, sorry but "guaranteed" is not the same as "highly likely" or "rare". Absolute pronouncements are guaranteed to get pedants in a fluff. Or is it highly likely that they will. Not sure ;-)
LM and TJ - you know that is my hopefully not too distasteful attempt to tease right!
I think everyone pretty much agrees. It's very very hard to find collisions and very unlikely that a given short string will collide with another short string. With the exception of 1 Chinese team, MD5 hashes are cracked via dictionary attacks. Can we leave it there and move on?
one-way propiety of MD5 hash ==> imposibility of reversibility
one-way propiety of MD5 hash =/=> imposibility of decription
two different things.
any way, encription is a numerical process (analitical math, not pure math), then is subject to computing power posibilities more than over a logical demonstration.
brute-force or dictionary attacks always will be posible. and finally succesful. the unique defense is to be superior in computing capatibility (luxury of few people, but exists them).
besides a winner of lottery win guessing (random) and not decripting. how defense there is against that?
MD5 is death, that's true. then what? I use it for send passwords from browser to server. But i don't worry about it (I dont't protect a bank). but not for that we will be quite, let's look for alternatives. (sorry for my english, i hope write with sense)
please, you now...
I don't know the details of the Chinese research team's solution, but I know they did not crack MD5 with dictionary or similar attacks as that has long been possible. As I understand it, they have been able to find collisions algorithmically, but I am not sure that their algo allows you to find collisions for any given hash ($10,000 prize for the person who does that, and I'm not sure they collected), or if it allows them to generate two strings that will collide.
see this: [pajhome.org.uk...] (yahoo use exactly this implementation, thanks to Paul Johnston)
only an advise:
don't forget clean plain password input before send it.
but, what next SHA-1? (see same link above)
md5 is not dead. It's not as if someone broke it... You still cannot reverse it algorythmically, only by checking every combination/dictionary
For simple password protection it is still usable.
To improve the quality of my decryption I hash not just the password, but
"username.password" string, which with unique username and no dots allowed gives me more security - even if you find the collision it needn't necessary be that collision.
Best regards all!
ergophobe please tell us about it if you implement something similar.