is a there md5 decrypt function in python?

Question

Possible Duplicate:
Is it possible to decrypt md5 hashes?

i used md5.new(); md5.update("aaa"), md5.digest()

to form a md5 hash of the data "aaa" . How to get back the data using python?

md5() isn't an "encryption" function. There isn't an inverse, if there was then it couldn't be used for passwords. — rook, May 03 '10 at 20:19
@Paul Sasik: more like Cow -> Steak, try and reverse that operation ;) — Wolph, May 04 '10 at 15:48
Don't believe the haters. MD5 is so flawed at this point that you can solve the inverse with a collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 224.1). The original code would require a rainbow table but you can find other strings that will hash to the same thing fairly quickly. This is why it's deprecated. https://en.wikipedia.org/wiki/MD5#Security — Tatarize, Nov 18 '21 at 04:34

score 22 · Accepted Answer · edited Jun 20 '20 at 09:12

22

You cannot decode an md5 hash, as hashing is a process that is best thought of as one-way encoding (that is to say what is hashed cannot be de-hashed; one can only determine what was hashed, either by examining a list of known hashes, or by hashing a set of inputs and matching the resulting hashes with the hash you are trying to "decode").

Quoting Wikipedia, the key features of such a hashing algorithm are:

it is infeasible to find a message that has a given hash,

it is infeasible to modify a message without changing its hash,

it is infeasible to find two different messages with the same hash.

The most common uses of such algorithms today are:

Storing passwords
Verifying the contents of files.

If you want to two-way encrypt the data, you need to look at other cryptographic libraries for Python (As usual, Stackoverflow has a recommendation).

edited Jun 20 '20 at 09:12

Community

1
1

answered May 03 '10 at 20:17

Sean Vieira

155,703
32
311
293

If it's not meant to be “decoded”, then “encoding” is a rather poor choice of word. Why not the traditional “one-way hash”? – tzot May 03 '10 at 22:08
@ΤΖΩΤΖΙΟΥ: Because one-way encoding/encryption is a misnomer, used only by those not entirely sure what they're talking about – BlueRaja - Danny Pflughoeft May 03 '10 at 22:33
Password hashes are cracked every day. – rook May 04 '10 at 00:16
1

I've seen it put this way: "A hash function is like making minced meat: you can't turn it back into a cow." – Thomas Sep 09 '19 at 13:03
the term 'hashing function' actually comes from cooking – Base64__ Apr 02 '22 at 01:28

score 14 · Answer 2 · answered May 03 '10 at 20:17

14

You can't. That's the point - a hash is one-way, it's not the same as an encryption.

answered May 03 '10 at 20:17

BlueRaja - Danny Pflughoeft

84,206
33
197
283

2

A hash isn't necessarily one-way, but MD5 sure is. ;) A hash is only one-way if there are collisions such that any two distinct inputs have the same result. – Nathan Ernst May 03 '10 at 22:48
2

@Nathan: That makes no sense whatsoever. – BlueRaja - Danny Pflughoeft May 11 '10 at 20:21
care to elaborate on *why* it doesn't make sense? If you look at it from a mathematical perspective, a hash is merely a function `h(x)=y` where `h` is the hash function, `x` is the input, and `y` is the output. A hash is only one-way if there is any such `x` and `z` that `h(x)=y` *and* `h(z)=y` given that `x != z`. Suppose `h(x)` is just an identify (say `x` is an integer or a char type), or even just a simple rotation. This would be entirely reversible and thus not one-way. – Nathan Ernst May 11 '10 at 23:28
1

@Nathan: You are confusing the mathematical definition of [one-way](http://mathworld.wolfram.com/Many-to-One.html) with the computational definition of [one-way](http://en.wikipedia.org/wiki/One-way_function). If we were to use your definition, *every* function with a fixed-size output would be a hash (which is technically true of general ["hashes"](http://en.wikipedia.org/wiki/Hash_function), but certainly not true of [cryptographic hashes](http://en.wikipedia.org/wiki/Cryptographic_hash_function), which is what we're discussing here). – BlueRaja - Danny Pflughoeft May 12 '10 at 00:18

score 3 · Answer 3 · answered May 03 '10 at 20:21

I don't know about Python - but hash function are irreversible. First of all, note that hash functions provide a constant length output - meaning that information will be thrown away (you can hash a file of 3 MB and still only get a result of less than 1 kB). Additionally, hash functions are made for the fact that they aren't reversible, if you need encryption, don't use hashing but encryption - a major application of hashing is when the database info has leaked (which contained hashes) that the passwords have not been compromised (there are more examples, but this is the most obvious one)

This is only for cryptographic hash functions. A purely mathematical hash function has no inherit size hash(n) = n % 101, even though there will be a type size associated with most implementations. This is a common method for mapping values to array indices, even though it is irreversible (unless you know n <101), it is pretty easy to predict possible inputs. — mikerobi, May 03 '10 at 20:40

score 3 · Answer 4 · answered May 03 '10 at 20:23

If you want to break a hash, such as a password hash. Then you need a very large lookup table. John the Ripper is commonly used to break passwords using a dictionary, this is a very good method espeically if its a salted password hash.

Another approch is using a Rainbow Table, however these take long time to generate. There are free rainbow tables accessible online.

Here is a python script to perform an md5() brute force attack.

score 1 · Answer 5 · edited May 23 '17 at 12:34

1

To add to everyone else's point, MD5 is a one-way hash. The common usage is to hash two input values and if the hashed values match, then the input should be the same. Going from an MD5 hashed value to the hash input is nonsensical. What you are probably after is a symmetric encryption algorithm - see two-way keyed encryption/hash algorithm for a good discussion on the subject.

edited May 23 '17 at 12:34

Community

1
1

answered May 03 '10 at 20:23

D.Shawley

58,213
10
98
113

"md5 is one-way hash" That sentence is not incorrect, but it incorrectly implies that there are two-way hashes... – Jasper May 03 '10 at 21:32
@Jasper - MD5 is a one-way hash function which makes it a candidate for a _cryptographic_ hash function and you are correct that two-way _cryptographic_ hash functions are complete nonsense. I guess that I should have said that "MD5 is a cryptographic hash function so it is inherently irreversible". – D.Shawley May 03 '10 at 22:03
1

@Jasper: I see your pendantry call and raise you: Perfect hashes. All legal inputs map to a distinct output, and therefore can be reversed, and so is a two-way hash function. – Jason May 03 '10 at 22:10

score 0 · Answer 6 · answered May 03 '10 at 20:19

0

In general, the answers from BlueRaja and Sean are correct. MD5 (and other hash functions) are one-way, you can't reverse the process.

However, if you have a small size of data, you can try to search for a hash collision (another, or the same, piece of data) having the same hash.

answered May 03 '10 at 20:19

ssube

47,010
7
103
140

collision searching is very time consuming i think you mean to say a dictionary attack. – rook May 03 '10 at 20:20
Yes, it would be much faster to use a dictionary attack to find the colliding bits of data (in the end though, it is a collision in the hash). – ssube May 03 '10 at 20:24

score 0 · Answer 7 · answered May 04 '10 at 15:56

Hashes map a bunch of data to a finite (albeit large) set of numeric values/strings.

It is a many-to-one mapping, so that decoding a hash is not only "difficult" in the cryptographic sense, but also conceptually impossible in that even if you could, you would get an infinite set of possible input strings.

is a there md5 decrypt function in python?

7 Answers7

Linked