0

Does MD5 hashes the string or it encrypt it? If it hashes it, then it's as they say a one-way hash function and original string (or data) are non-recoverable by the hash produced because it's only for authentication. Then how can we explain the online websites for MD5 decryption? I actually tried it, it gets back the original string. And here's a site that does this: http://www.md5decrypter.co.uk/

How is this possible?

templatetypedef
  • 362,284
  • 104
  • 897
  • 1,065
Billo .S
  • 119
  • 1
  • 10
  • 2
    -1 because, well, *please search*. I recommend Wikipedia - i.e. [MD5](http://en.wikipedia.org/wiki/MD5http) - as a general starting point for such introductory questions. –  Dec 27 '12 at 21:52
  • @pst I read alot about MD5 , I'm just asking how can those sites decrypt the hash if it is as they say one-way hash function ? – Billo .S Dec 27 '12 at 21:55
  • That website clearly explains that they have a database of MD5 hash -> string entries. You're just doing a lookup. – Jonathon Reinhart Dec 27 '12 at 21:55
  • Some related SO questions (that are *easily found with searches*): http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes , http://stackoverflow.com/questions/12287704/how-to-reverse-md5-to-get-the-original-string , http://stackoverflow.com/questions/1562064/decrypt-md5-hash (etc) –  Dec 27 '12 at 21:55
  • @JonathonReinhart and clearly it should be that within few years since it was invented the databases are getting larger and it might decrypt any hash in the future right ? is that safe for browsers and internet-based apps that uses MD5 ? – Billo .S Dec 27 '12 at 21:57
  • @Billo.S *Please read the related questions and **try some searches of your own***. Also, another keyword when dealing with hashes is `salt` (which you would readily find if looking up `rainbow tables` or `password` in context). –  Dec 27 '12 at 21:58
  • @Billo.S No. There are exactly 2^128 possible MD5 hashes, and an infinite number of input strings. (Collisions are of course possible) – Jonathon Reinhart Dec 27 '12 at 21:59

3 Answers3

2

MD5 is a hash algorithm, meaning that it maps an arbitrary-length string to a string of some fixed length. The intent is to make it so that it is hard to start with the output of an MD5 hash and to recover some particular input that would hash to that output. Because there are infinitely many strings and finitely many outputs, it is not an encryption function, and given just the output it's impossible to determine which input produced that output.

However, MD5 has many cryptographic weaknesses and has been superseded by a variety of other hash functions (the SHA family). I would strongly suggest not using MD5 if cryptographic security is desired, since there are much better algorithms out there.

Hope this helps!

templatetypedef
  • 362,284
  • 104
  • 897
  • 1,065
1

MD5 is a cryptographic hash function. It maps a variable-length string to a 128-bit hash value. It's one-way but the code can be cracked quickly using Rainbow Tables. Not to mention the site you posted says it has

a total of just over 8.7 billion unique decrypted MD5 hashes...

so it can check against those first before it even needs to try to crack it.

Foggzie
  • 9,691
  • 1
  • 31
  • 48
1

They don't "decrypt", they find a string that matches your hash, which is not the same thing but when you limit yourself to common English words it could very well be.

To understand what's going on you have to consider the count of possible MD5 hashes - 2^128, which is more than the count of words in English (2^16?) but much less than all possible string values 2^(number of bits the internet has and then some)

When you convert from a smaller set into a bigger one (english->MD5) it's likely all values will be different, but the other way around isn't true.

Bottom line: use a password that isn't a string that can be found by google anywhere on the net.

Sten Petrov
  • 10,943
  • 1
  • 41
  • 61