MD5 Can be Decrypted. Unbelievable!

Discussion in 'PHP' started by cancer10, Apr 11, 2009.

  1. #1
    Hi Guys!

    Until yesterday I was under the impression that MD5 hashes cannot be reversed and are thus secure, but then I found this site, http://www.md5decryption.com/, which actually reverses your MD5 hash value. I was like WTF.

    I am sure there are other sites that can decrypt other hash functions like sha1, tiger160, sha256 etc.

    Please share your views about it?


    Thanks
     
    cancer10, Apr 11, 2009 IP
  2. SmallPotatoes

    #2
    These sites just have large databases of the md5 hashes of common strings. They're not really decoding it (that's not possible since there are multiple possible inputs for every md5 hash), just providing a tool for dictionary attacks.
     
    SmallPotatoes, Apr 12, 2009 IP
    harrisunderwork likes this.
  3. cancer10

    #3
    OK, I have a question in mind.

    What if it's a 10-character alphanumeric password and the attack is a brute-force attack?

    Then how much time will it take to recover the password using a modern PC?
     
    cancer10, Apr 12, 2009 IP
  4. oarcadescript

    #4
    Since it's a quadratic function, simply increasing the length by a few characters will take a while.

    Quite a while; there's a hell of a lot of combinations: it's 36^10 (3,600,000,000,000,000) combinations.

    If you're worried about decryption, bear in mind they might have the MD5 for 'rabbit' but not n7sns}{383_rabbit, so just salt all your passwords.
     
    oarcadescript, Apr 12, 2009 IP
  5. cancer10

    #5
    What's the best way of salting?
     
    cancer10, Apr 12, 2009 IP
  6. ghprod

    #6
    They're not really doing that job ... just matching against an available database of MD5 ...

    regards
     
    ghprod, Apr 12, 2009 IP
  7. oarcadescript

    #7
    Generate a random string when the user signs up and store it as the salt.

    Then when the user logs in, check to see if the salt combined with the password entered matches the password!

    So the password is '6436d1797416c4ad0a479dfc584ee999', which is jd84napples md5 encrypted.
    Store the salt as jd84.

    Then when the user logs in, see if the salt and the text entered is the password!

    So I enter pears.

    It sees if my password is md5(jd84pears), and no, it's not. If I enter apples, md5(jd84apples), and yes it is!
     
    oarcadescript, Apr 12, 2009 IP
    Claudek likes this.
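
The lookup-database behaviour described in post #2 and the per-user salt scheme from post #7, as an added PHP example that is not part of the original thread. The word list and the function names build_lookup, register and verify are constructed for illustration.

```php
<?php
// Constructed stand-in for the hash databases described in post #2:
// md5(common string) => common string.
function build_lookup(array $commonStrings): array
{
    $table = [];
    foreach ($commonStrings as $s) {
        $table[md5($s)] = $s;
    }
    return $table;
}

// Sign-up step from post #7: random per-user salt stored beside the hash.
function register(string $password): array
{
    $salt = bin2hex(random_bytes(8)); // 16 hex characters from the CSPRNG
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

// Login step from post #7: recompute md5(salt . input) and compare.
function verify(array $record, string $input): bool
{
    // hash_equals() avoids leaking the match position through timing.
    return hash_equals($record['hash'], md5($record['salt'] . $input));
}

$lookup = build_lookup(['rabbit', 'apples', 'pears', 'password', '123456']);

// Unsalted hash of a common word: the table maps it straight back.
$unsalted = md5('apples');
echo 'unsalted found in table: ', var_export(isset($lookup[$unsalted]), true), PHP_EOL;

// Same word with a per-user salt: the precomputed table has no entry.
$alice = register('apples');
echo 'salted found in table:   ', var_export(isset($lookup[$alice['hash']]), true), PHP_EOL;

// A second user with the same password gets a different stored hash.
$bob = register('apples');
echo 'same stored hash:        ', var_export($alice['hash'] === $bob['hash'], true), PHP_EOL;

echo 'login with pears:        ', var_export(verify($alice, 'pears'), true), PHP_EOL;
echo 'login with apples:       ', var_export(verify($alice, 'apples'), true), PHP_EOL;
```

The salt only defeats precomputed tables; MD5 is still fast to guess against one hash at a time, which is why PHP's password_hash() and password_verify() generate the salt themselves and use a deliberately slow algorithm.
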
  8. harrisunderwork

    #8
    Get the user's password and generate a fixed-length salt. Combine the md5 hash of the password with the salt, then rehash it.

    Store the new hash and the salt in the db.

    The user enters the password; instead of sending the password, send the md5, so it is safe from hackers. Second, combine with the salt found in username, rehash it and compare with the stored hash :)

    If it matches, login, else invalid user!
     
    harrisunderwork, Apr 13, 2009 IP
  9. zendowind

    #9
    md5 can't be decrypted ;)
     
    zendowind, Apr 13, 2009 IP
  10. LiMoO

    #10
    Not all inputs

    A decryption for this hash wasn't found in our database
     
    LiMoO, Apr 13, 2009 IP
  11. jazzcho

    #11
    MD5 is considered insecure since there have been various papers (and code) that have demonstrated collisions.
     
    jazzcho, Apr 16, 2009 IP
  12. sliver

    #12
    md5 can't be decrypted; anyway, you should find useful lectures about rainbow tables ;)
     
    sliver, Apr 16, 2009 IP
  13. arunn

    #13
    They have two websites: one to encrypt and one to decrypt. So whatever people encrypt using their website, they store in a database and use it to decrypt strings. :)
     
    arunn, Apr 21, 2009 IP