Undo md5()?

I am trying to show how insecure md5() hashing is. Is there a way to decrypt a password that uses md5?


md5 is a hash, not an encrypter, which means there is no way to recover the plain password from a hashed password. Strictly one way.

Here are a few reasons that md5 and passwords are not a good mix:

1 Like

If the password is weak you can use a rainbow table to decrypt it - search for rainbow tables and you’ll find many online services for doing that. You will notice that most dictionary words hashed with md5 can be “decrypted” using a rainbow table.

If the password is uncommon then no rainbow tables can help and you must brute force it. If it is short it will take little time, but if it’s long then it won’t be possible within any reasonable time frame. Supposedly, there are weaknesses in md5 that allow shortening the time for brute force, but they are of limited help. I think a very long and strong password hashed with md5 will be practically impossible to decrypt - however, a weakness in the algorithm might allow someone to find another string that hashes to the same value (I’m not up to date with how far such weaknesses have been proven to work).

1 Like

From the link given by @ahundiak:

“Using salted md5 for passwords is a bad idea. Not because of MD5’s cryptographic weaknesses, but because it’s fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.”
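An added example, not part of the original thread, tying together the points above about precomputed tables and hash speed: a plain precomputed lookup (a dictionary, not a true rainbow table) recovers a weak unsalted MD5 password, a salt defeats the table but not the per-guess speed, and a deliberately slow hash raises the cost of every guess. PBKDF2-HMAC-SHA256 from Python's standard library stands in here for any slow password hash; the wordlist, sample password and iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: a tiny wordlist and one stored unsalted MD5 hash.
WORDLIST = ["letmein", "password", "sunshine", "dragon", "qwerty"]
STORED_MD5 = hashlib.md5(b"sunshine").hexdigest()

def build_lookup(words):
    """Precompute md5 -> word once; the table works against every unsalted hash."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def salted_md5(password, salt):
    """Salted but still fast: the salt defeats the table, not per-guess speed."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=600_000):
    """Salted, deliberately slow storage form (iteration count is an assumption)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)

def seconds_per_guess(fn, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def compare_costs(iterations=600_000):
    """Return (salted MD5, PBKDF2) seconds per guess on this machine's CPU."""
    salt = os.urandom(16)
    fast = seconds_per_guess(lambda: salted_md5("sunshine", salt), 20_000)
    slow = seconds_per_guess(lambda: hash_password("sunshine", salt, iterations), 1)
    return fast, slow

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    print("unsalted lookup:", table.get(STORED_MD5))
    print("salted lookup:  ", table.get(salted_md5("sunshine", os.urandom(16))))
    fast, slow = compare_costs()
    print(f"salted md5: {fast:.2e} s/guess, PBKDF2: {slow:.2e} s/guess")
    print("verify:", verify_password("sunshine", *hash_password("sunshine")))
```

The timings are measured on a CPU and vary by machine; what matters is the ratio between the two per-guess costs.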
