Is there a way to convert an md5 encoding back into a regular text string? I read somewhere that it was impossible, but I don't know how there could be an algorithm to convert a string into md5, but not have anything to convert it back.
There is no algorithm to convert from md5 to the original string, you can always brute force the hash but that only works for relatively simple strings, 8 characters long or less.
There are websites out there that have a database full of strings and their md5 hashes and you can input your md5 hash and it will run it across their database and see if there's a match. Try googling it.
http://gdataonline.com/seekhash.php is a good one but as I said, you can only brute force relatively simple strings. if the hash is of the string 'google' then it's easy to crack, but if it's the hash of 'kjhsdf11!!' you wouldn't be able to crack it.
Also you have to understand that just because you found A string that, when MD5'd, produces the same as the MD5 hash, it doesn't mean that you've found THE original string that was used...
Exactly. Note that there's an infinite number strings which produce the same MD5 hash. Considering that an MD5 is always 32 characters long, and only contains letters from a-f and numbers from 0-9, whereas the original string can be any length, and any character. No, there aren't. But as mentioned above, there are some databases which contain a bunch of MD5s, along with the original string. Which might help... but as said, it doesn't guarantee that the string you get is the same as the one you originally MD5'd.
There are actually a bunch out there that say they can crack md5s, and you usually always need what they call a Rainbow Table, but they hardly EVER work and if they do, they will take a very long time to crack it since they keep trying almost every possibility and try to match it up. If using a website that runs the hash against their database stored ones doesn't help, you can try a site that puts your hash in a queue and attempts to crack it using rainbow tables as I mentioned. An example of this type of site would be passcracking.com (a password recovery site). I'm going to assume that what you're trying to recover isn't really a very odd string like "fjjka3$!$@$j<BA."
They DON'T hardly ever work. I could crack 80% of DP's forum member's passwords if I had the MD5 hashes. Most people have quite simple passwords, like kamelot/mari0/catfish/password123, all of these combined can be cracked in minutes but maybe a little longer for the last one. And a rainbow table is usually not necessary. Cain and Abel is a good MD5 cracker, along with many other uses. It can try millions of character combinations per second (if I remember correctly).
I think everyone just needs to understand that MD5's algo and there method of decryption is currently unknown and uncrackable, and the only way to find the original string is to brute force a ton of character combinations until the hash matches. IF someone (unlikely but i guess possible) found a way to crack md5 you would find almost instantly another encryption type would hit the programming arsonal Dan
Those are all simple passwords though.. of course you'd be able to crack those. I'm sure there are some people who are smart enough to use more advanced passwords. Those are the ones that bring up the "they hardly ever work" It's not like MD5 is closed-source or anything.. the reason there's no means of cracking it yet is because it IS basically a one-way street. You just can't completely reverse it for the reasons that nico_swd brought up (it doesn't use every letter of the alphabet and it's always the same length so there's an infinite amount of strings for any one hash).
80% of people do use passwords that weak though, so 80% of MD5 hashes can be broken within minutes or hours (and multiple hashes can be cracked concurrently). MD5 is only secure when protecting a complicated/long string. There is a very low chance of you finding two strings with the same MD5 hash, you will only find a duplicate once every 6.33403E+49 strings. And if the website stores the MD5 hashes in the database rather than the plain text password it doesn't matter which string generates the correct MD5 hash.
It isn't impossible to decrypt an md5 generated hash, but the process is so resource intensive and time consuming that it is extremely improbable for a semi-decent password to be correctly decrypted in a reasonable amount of time. By the time it gets deciphered the password should, ideally, have already been changed a few times over. Of course, there are those who still use "cheese" or "test" or other insecure passwords ("admin"? *shudder*), but I'd like to think that most of the people who visit DP are at least smart enough to pick a good password. Even if you get the hash somehow there isn't any guarantee that the de-hashed string you generated will work. I use a custom function that combines multiple salts and hashes to generate what I consider to be a much more secure hash than what you would get just through md5, which isn't exactly an easy thing to crack to begin with. Even if someone found the function I use I doubt it would help them reverse engineer existing hashes, and by the time they did crack it we'd all be having the internet beamed into our brains anyway.
I have lost my PHPLD directory admin login by changing the string in database,I had to reinstall all the script. I think there is no way to change md5 hash to normal string.
Why bother reinstalling just make a PHP file with this: <?php echo md5('My Password'); ?> PHP: it will echo the hash and u jsut insert it manually into the database
Well then obviously he would have to just open say login page and search for md5 or sh1 if it comes back true then u use that one...
Thanks for the info guys! I always thought that each string has it's own unique MD5 hash but it looks like I was so wrong! lol
^ If that was the case, we could forget about ZIP and RAR. We'd now be able to compress any file to the size of 32 bytes.