Will a website be able to decrypt a hashed password regardless of how it was hashed?

Question

I'm creating a python script that logs into a website (in this case, it's the url to update your IPv4 endpoint for Tunnelbroker.net), and it uses a hashed username and password.

My question is this. If I use echo mypassword | md5sum it gives me a different hash than a python script that I found (using hashlib and hashdigest to accomplish the task).

For example, if "mypass" is robots, echo robots | md5sum gives me 2cf61812c352ec4fd0dae8f52874701d but if I run it through the python script, I get 27f5e15b6af3223f1176293cd015771d

the script that I'm using is found at http://wiki.python.org/moin/Md5Passwords

My question is simply this: Will the website be able to decrypt either of those and get "robots"? I ask this, because I want to include a variation of the python script for hashing the password (in case the end user is on Windows or another operating system that can't generate a MD5 hash).

Thanks in advance, and have a great day:) Patrick.

If you encrypt something, you can decrypt it, but if you hash something, that's irreversible. — NightHawk, Oct 21 '12 at 06:43

score 5 · Accepted Answer · edited May 23 '17 at 12:32

md5 and passwords in the same sentence gives me chills.. md5 is a type of one-way hash function, which mean there should be no way to "decrypt" once hashed. It is not an encryption function. However, with rainbow table (and possibly other ways), you can recover some common strings from a md5 hash, which makes the idea of using md5 to encrypt password even worse.

But anyway, here is the answer:

No, the Python script's answer is the correct one. If you use echo -n "robots" | md5sum you will see they are the same: 27f5e15b6af3223f1176293cd015771d

The reason is echo will append a newline character at the end of the string it's echoing (surprise!), adding -n will not print the newline char and hence give you the right result.

Alternatively, you can simply use md5sum -s "robots" or md5 -s "robots" to generate the hash without using echo.

Reference for echo:

The echo utility writes any specified operands, separated by single blank (' ') characters and followed by a newline (\n) character, to the standard output.

What password hashing algorithm to use?

score 1 · Answer 2 · answered Oct 21 '12 at 06:44

1

the MD5 of the string "robots\n" is 2cf61812c352ec4fd0dae8f52874701d

the MD5 of the string "robots" is 27f5e15b6af3223f1176293cd015771d

What does md5sum robots give you?

answered Oct 21 '12 at 06:44

nohat

7,113
10
40
43

I think you mean `md5sum "robots"` – Burhan Khalid Oct 21 '12 at 07:13

Will a website be able to decrypt a hashed password regardless of how it was hashed?

2 Answers2