1

I am looking into md5 hashing in java with the MessageDigest Class, lets say I do that 

public void givenPassword_whenHashingUsingCommons_thenVerifying()  {
    String hash = "35454B055CC325EA1AF2126E27707052";
    String password = "ILoveJava";

    String md5Hex = DigestUtils
      .md5Hex(password).toUpperCase();

    assertThat(md5Hex.equals(hash)).isTrue();
}

So i did convert my password String into an md5 hash, lets say my recipient now wants the String not as hash, but as an normal String ( The Hash is just for transmission ), how can i convert the md5 hash String back to an "normal" Text String?

Savior
  • 3,225
  • 4
  • 24
  • 48
4c 6f 76 69 73
  • 29
  • 6
  • 3
    Does this answer your question? [How to reverse MD5 to get the original string?](https://stackoverflow.com/questions/12287704/how-to-reverse-md5-to-get-the-original-string) – andrewJames Apr 13 '20 at 22:10
  • So, like not really, isn't hashing to encrypt things, so if I have like the hash key I can decrypt it on the other hand. Because I am trying to build a password algorithm that transmits the password using md5, is that the wrong way? – 4c 6f 76 69 73 Apr 13 '20 at 22:13
  • 1
    Does the receiver already know the password, and you're trying to have it verify that the transmitter knows it as well? Or does the receiver not yet know the password, and you're trying to transmit it securely? – that other guy Apr 13 '20 at 22:20
  • Yeah, the receiver doesn't know the password, and I am trying to transmit it securely. – 4c 6f 76 69 73 Apr 13 '20 at 22:25

2 Answers2

1

There is no way to convert a hash (MD5 or SHA1 or SHA2....) into the original string.

The purpose of a hashing function is a one-way translation. There is no coming back.

The MD5 hash function is an outdated cryptographic function that generates fixed length hashes of an input data. The how and whys is beyond the scope of this answer. I urge you to visit detailed texts on these online.

Please also remember that if you are using the MD5 for cryptographic and sensitive reasons, please learn about more secure recommended hashing as SHA256 etc..

For more details, please refer to this introductory text.

Basil Bourque
  • 303,325
  • 100
  • 852
  • 1,154
Khanna111
  • 3,627
  • 1
  • 23
  • 25
1

The reason that we hash passwords in particular is because it's one way and this is good for security reasons. Imagine a bad actor got access to your database, we wouldn't want them to be able to look up the password and log in as the user. By storing the hashed password, we can perform the same hashing algorithm on the password on login and compare it with the database value in the database for a successful login.

Even this has its issues. When bad actors gain access to a compromised database, they can generate "rainbow tables" to get from the hashed value to the password. Using common hashing algorithms and software such as hashcat they build up a database of common passwords, dictionary words etc. then match the hash value to the plain text string. This is why when storing passwords, we also use salting, which can be easily researched, Google "salting and hashing".

I see another answer which states that "The purpose of the hashing function is a one way translation". I think this is an over simplification. A hashing algorithm returns a message digest. It's a fixed length alphanumeric message which, as uniquely as possibly, represents the input. One the most important properties of a hashing algorithm is the uniqueness of the message and that it differs significantly from that of similar inputs. Here's an example using MD5:

String: aaaaaaaaaa Hash: e09c80c42fda55f9d992e59ca6b3307d

String: aaaaaaaaab Hash: ba05a43d3b98a72379fdc90a1e28ecaf

Robert Bain
  • 9,113
  • 8
  • 44
  • 63