md5 issue

tophat · #1 (**permalink**) 03-29-06, 04:01 PM

hi. i have a site that uses md5 passwords. i need to take the md5 number that was created by converting the user's password into numbers, and reverse it.

i.e., if the md5 was bc8e99f6ecf3f4fa2d3be7a65d4f17f3, and their password was pass, than it would convert that number into pass. i just need to know if there is a function that can do this, because i can't seem to find details on one anywhere...

Nico · #2 (**permalink**) 03-29-06, 04:05 PM

Md5 is a one way hash. There's no way to decode it.

digioz · #3 (**permalink**) 03-29-06, 06:15 PM

MD5 is a one way hash, as nico_swd said. The only thing that would come close to finding the original of it is:

http://md5.rednoize.com/

But be ready to spend LOTS of time on there to get any type of result.

The way it works is, if you enter a random string, say your name (or password or whatever), into the text box and click search, it will return the md5-hash of that string (and store it in the site’s database. Now take that string, copy it and paste it into the same text box, hit search again, and it will return the original string.

For example, if you type into the search box "5d41402abc4b2a76b9719d911017c592" which is the correct MD5 hash for hello, it will return the converted value, which is "hello".

(Of course the above is meant more as a joke. So please don't email me asking questions about this)

NeverMind · #4 (**permalink**) 03-30-06, 06:00 AM

ohh! that's a dangerous website, digioz!
I think at some time in the future it will be closed since it will be a great source for hackers.

digioz · #5 (**permalink**) 03-30-06, 10:00 AM

Well, yes and no bud. What the site is suppose to demonstrate is to make people aware that just because something has MD5 / One way hash, it doesn't mean that the original string can not be obtained! In reality any programmer with some free time on their hand and an PC based dictionary can create their own hash database and do the same thing that site is doing to find weak passwords!

juggernaut · #6 (**permalink**) 06-29-06, 05:14 AM

What if you had a number of loops that go through all possible characters, generate md5 hash and stop if mach is found?

Rayden · #7 (**permalink**) 06-29-06, 06:46 AM

what juggernaut is saying is correct...this will work however same rules as any good login& password...the longer the word is the longer you will have to wait till it find a results...

Grabber · #8 (**permalink**) 06-29-06, 07:44 AM

Quote:

Originally Posted by juggernaut

What if you had a number of loops that go through all possible characters, generate md5 hash and stop if mach is found?

and if someone's password is u$@@ndc@n@*776^%^007

then your loop will go crazy

digioz · #9 (**permalink**) 06-30-06, 10:08 AM

To answer your question "tophat", you would have to use a two way encryption schema, if you want to be able to reverse it. This can either be on the Database or on the PHP side.