[Resolved] is it possible to decode a password from md5 format?

airric

I need to decode a password from md5 format to display the actual password in a account inof page. Is it possible?

Thanx, Airrc

AstroTeg

No. MD5 is a one way hash. You could try hacking away at it by using a dictionary lookup to compare password hashes with the hashed password you're trying to find. I don't know how long that would take though.

To reset a password with MD5 in place, one usually just deletes the MD5 hashed password and create a new hash based off of a new password.

Roger_Ramjet

Originally posted by AstroTeg
I don't know how long that would take though.

How long till the end of the Universe?

From the MD5 RFC

It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest.

What that means is that mathematicians think the 128-bit encryption used in MD5 is un-crackable, but have not been able to come up with the proof yet. Of course they may be wrong; and you could win the Nobel prize by proving them wrong. Or steal a squillion dollars cracking passwords.

airric

OK! thanks I thought I was spinning my wheels on it.

Airric

AstroTeg

Originally posted by Roger Ramjet
How long till the end of the Universe?

What that means is that mathematicians think the 128-bit encryption used in MD5 is un-crackable, but have not been able to come up with the proof yet. Of course they may be wrong; and you could win the Nobel prize by proving them wrong. Or steal a squillion dollars cracking passwords.

From what I've seen on the 'net, it has been proved that 2 different strings can produce the same MD5 hash. So the trick is finding a string that produces the same hash. This just becomes a dictionary attack. You take a random word and apply the MD5 algorithm. Does the hash match the hash you're trying to match? No? Find a new word and rinse and repeat.

I believe someone on the 'net has a database of hashes based on the lower case alphabet up to 4 characters or maybe more. That might be an interesting exercise: take the hash you're trying to break and do a search and see if its in there.

Roger_Ramjet

Well if your passwords are that simple then a dictionary attack is easy. Try it with mixed case and special characters, with non words and foriegn languages, see how long that takes.

AstroTeg

Originally posted by Roger Ramjet
Well if your passwords are that simple then a dictionary attack is easy. Try it with mixed case and special characters, with non words and foriegn languages, see how long that takes.

That's why I said, "I don't know how long that would take though."

If the password was crafted with some thought, it won't be easy. But the other theory is most people do not choose strong passwords. I believe adding a key to the user's password would also make it much harder (not only would you have to find the password, you'd have to find the key used and how it was appended).

Roger_Ramjet

Yep. In the long run any password system is only as good as the users. That is why DOD Orange Book for System V specified no real words, no proper names and at least 1 digit as well as min 8 chars and mixed case. Don't think anyone has beaten that yet.

And we seam to have taken over this thread from poor old airric :bemused:

onion2k

Originally posted by AstroTeg
I believe someone on the 'net has a database of hashes based on the lower case alphabet up to 4 characters or maybe more. That might be an interesting exercise: take the hash you're trying to break and do a search and see if its in there.

Theres only 456,976 possible combinations of 4 lower case letters. Thats not very much at all. Certainly not an unreasonable amount to crack using brute force..

AstroTeg

Ah, here's one: http://md5.crysm.net/

27.8 million records so far.

laserlight

I need to decode a password from md5 format to display the actual password in a account inof page. Is it possible?

You could find a string that gives the same hash, but you'll never know if it is the 'actual password'.

Let's take for example a simple hashing algorithm for:
n = h (mod m)
Our hash, h, is obtained by taking the original integer, n, under modulo m.
So given n=1,2,3 or 4
We get h=1,0,1 or 0 respectively.
Now given h=0 or h=1, you dont know which n is the original one that the algorithm was applied to.

If you were trying to break into a system it wouldnt matter, but if you have more altruistic reasons (e.g. to tell users who forgot their password what it was) it just wouldnt work, even if you found a way that made it computationally feasible to find strings that produce the same hash as the one you were given.

What that means is that mathematicians think the 128-bit encryption used in MD5 is un-crackable, but have not been able to come up with the proof yet. Of course they may be wrong; and you could win the Nobel prize by proving them wrong.

There is no Nobel prize in mathematics... but there is a Fields Medal :p
MD5 is an algorithm that generates 128-bit hashes with certain properties - it is not 128-bit encryption.

From what I've seen on the 'net, it has been proved that 2 different strings can produce the same MD5 hash.

That's obvious - the input is pretty much of unlimited length, while the output is fixed at a length of 128 bits.

Installer

I'm glad somebody made that point, l.l. So given an infinite-bit universe, the possible strings hashed by one md5 string would be an infinite subset (if my calculations are correct 🙂 ). More down-to-earth, the work done by crysm.net shows why passwords should be at least a couple more than four characters in length.

Weedpacket

Originally posted by Installer
I'm glad somebody made that point, l.l. So given an infinite-bit universe, the possible strings hashed by one md5 string would be an infinite subset (if my calculations are correct 🙂 ).

Yep, that works for me: if there are an infinite number of possible messages and only a finite number of possible hashes, then at least one of those hashes must correspond to an infinite number of messages. The hash algorithm could be "every message less than 100 characters in length hashes to itself, every other message hashes to the string "0". but that wouldn't be a very useful hash for our purposes. I presume Rivest designed MD5 sufficiently well that every MD5 hash would correspond to an infinite number of messages with a reasonably uniform distribution.

More down-to-earth, the work done by crysm.net shows why passwords should be at least a couple more than four characters in length.

And why you should never enforce an upper limit on password length (if you're storing them as hashes, you don't really need to anyway).

Roger_Ramjet

Well, saying 'you'd win the Nobel prize for that' is just a saying we have around here for situations like this, where someone asserts that they can do something no one else has ever done, or is ever likely do. It is just sarcasm that often goes over the head of it's subject. to everyone elses added amusement.

That said, I thought there was one for Math but it turns out it's for Economics, very different thing.