-16

I have MD5-hashed a string.

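def hash(s: String) = {
    // MD5 digest of the UTF-8 bytes of s, as lowercase hex
    val m = java.security.MessageDigest.getInstance("MD5")
    val b = s.getBytes("UTF-8")
    m.update(b, 0, b.length)
    // Format each byte as two hex digits; BigInteger.toString(16) would
    // drop leading zeros and return fewer than 32 characters for some inputs
    m.digest().map("%02x".format(_)).mkString
}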

Now I want the original string back. How can I do this?

MultiplyByZer0
Govind Singh
  • 3
    You can't. It's a one way function, not intended to be reversible. – Kayaman Nov 21 '14 at 11:30
  • 6
    Well, MD5 is more or less considered broken by now. It's likely that we will see significant advances in breaking MD5 in the next couple of years, so, if you can wait 10 years, then it should be possible with a combination of advances in cryptanalysis and computing power to do this in a practical timeframe, even without the use of rainbow tables. – Jörg W Mittag Nov 21 '14 at 12:10
  • 1
    You didn't supply any password when "encrypting" it, so it wouldn't be a useful form of encryption even if it were encryption, since anyone could run the decryption function. – Boann Nov 21 '14 at 16:35
  • 3
    @Jörg: No, the hash does not contain enough information about the original string. It isn't a matter of complexity. – Chris Martin Nov 21 '14 at 17:50

3 Answers

5

MD5 is a cryptographic hash function. Cryptographic hashes are one way functions. You cannot reverse a cryptographic hash value, but you can brute force messages to find one.

Brute forcing means trying all possible input strings and then checking if the hash value is correct. This is possible because cryptographic hashes are also computationally unique. This means that there are endless messages that will result in the same hash value being generated, but it is impossible to find two resulting in the same hash. As MD5 is broken, MD5 hashes are not unique for specially constructed messages. It is called a collision if you can find two messages that have the same hash value.

It is also possible to create huge lookup tables called rainbow tables. This can help speed up looking for the right input. That only works for relatively small or guessable data input; i.e. they are mostly used to find weak passwords. Some of these databases can be found online.

Maarten Bodewes
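An added example (not part of the original answer or the question's code) of the lookup-table idea described above, in Scala like the question: a precomputed table finds the input only when it was in the candidate list, and a per-record salt makes the precomputed table useless. The object and function names, the candidate list and the salt value are constructed for illustration.

```scala
import java.security.MessageDigest
import java.nio.charset.StandardCharsets.UTF_8

object Md5LookupDemo {
  // Lowercase hex MD5, two digits per byte so leading zeros are kept.
  def md5(s: String): String =
    MessageDigest.getInstance("MD5")
      .digest(s.getBytes(UTF_8))
      .map("%02x".format(_))
      .mkString

  // Precomputed table: digest -> input, built once from a candidate list.
  def buildTable(candidates: Seq[String]): Map[String, String] =
    candidates.map(c => md5(c) -> c).toMap

  // "Getting the string back" is only a lookup of a guess made in advance;
  // it returns None for any input that was never in the candidate list.
  def lookup(table: Map[String, String], digest: String): Option[String] =
    table.get(digest.toLowerCase)

  // Salted variant: the stored digest depends on a per-record random salt,
  // so a table built over md5(candidate) no longer matches it.
  def saltedMd5(salt: String, s: String): String = md5(salt + s)

  def main(args: Array[String]): Unit = {
    // Constructed sample data (assumptions, not from the page).
    val candidates = Seq("password", "letmein", "hello", "qwerty")
    val table = buildTable(candidates)
    val salt = "9f2c1a7e" // would be random and stored next to the digest

    // Guessable input: present in the table, so it is found.
    println(s"guessable input:   ${lookup(table, md5("hello"))}")
    // Unguessable input: the digest alone gives nothing to work back from.
    println(s"unguessable input: ${lookup(table, md5("k3#Vq9!zT0pL"))}")
    // Same guessable input, salted: the precomputed table misses it.
    println(s"salted input:      ${lookup(table, saltedMd5(salt, "hello"))}")
  }
}
```

A salt only defeats precomputation; MD5 is still fast to guess against, so password storage should use a dedicated password hash such as bcrypt, scrypt or Argon2.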
2

You cannot decrypt MD5, and this is a feature of MD5. If you want to encrypt/decrypt data, then use other encryption techniques like AES.

1

You couldn't. With MD5 being a one-way hash function, it is not possible.