|
Re: Reverse MD5
by JavaFan (Canon) on Dec 02, 2008 at 11:30 UTC
|
You mean, given an MD5 hash, retrieve the original text?
The short answer is: you can't - that's the point of an MD5 hash.
The longer answer is that it's unknown whether it can be done in any reasonable amount of time (even with reasonable being tens of years). You could of course generate all possible text, and eventually stumble upon a text that gives the given MD5 hash, but even then it's not sure whether you got the right one. | [reply] |
|
|
Digest::MD5::Reverse uses online DBs which seem to store large amounts of texts and the corresponding MD5 sums.
That is probably the only reasonable way to do this. However, simply appending a random text/date on every text makes this pretty unusable.
| [reply] |
|
|
The summer 2008 edition of 2600 has an interesting extension of this: using Google (etc.) to search for the hash and find an original text (password). Apparently a lot of people or systems post this information intentionally or inadvertently. In some limited sense, you don't need the reverse function if Google is mapping the forward function.
-QM
--
Quantum Mechanics: The dreams stuff is made of
| [reply] |
|
|
How did they get the reverse value for md5?
http://md5.rednoize.com/
| [reply] |
|
|
| [reply] |
Re: Reverse MD5
by ccn (Vicar) on Dec 02, 2008 at 11:31 UTC
|
MD5 sums (see RFC 1321 - The MD5 Message-Digest Algorithm) are used as a one-way hash of data. Due to the nature of the formula used, it is impossible to reverse it.
You can't get reverse value of MD5, but you can get a bunch of values which have that MD5 sum.
| [reply] |
Re: Reverse MD5
by zentara (Cardinal) on Dec 02, 2008 at 13:50 UTC
|
MD5 has been somewhat broken and almost everyone is using something like Blowfish now. With the supercomputers and giant memories available now, it should be pretty easy for the government.
| [reply] |
|
|
Blowfish is an encryption algorithm, not a hashing algorithm. It's not an alternative to MD5.
From here on, take what I say with a grain of salt. I'm not sure of everything.
SHA-1 is stronger than MD5, and SHA-256/512 strong still, but all are known or suspected to be broken for the same class of attacks. None are completely broken mind you. They are broken in the cryptographic sense, which means something like "being weaker than they were originally". However, attacks only get better with time.
Furthermore, the only property that is broken is the ability to produce two texts that hash to the same value, not the ability to produce a text that hashes to a given value. That property is important for document signing, but not for password protection.
Update: Re-organised to clarify uncertainty.
| [reply] |
|
|
See Blowfish and check out the section "Blowfish in Practice". I know SuSE linux uses this Blowfish hash for it's passwords, and many distros have advanced options when you install, to select the hashing algorithm to be used. Blowfish is commonly listed. Also google for "blowfish hash".
| [reply] |
|
|
|
|
|
|
|
|
| [reply] |
Re: Reverse MD5
by missingthepoint (Friar) on Feb 05, 2009 at 05:56 UTC
|
$ cpan
cpan> force install Digest::MD5::Reverse
This will install it regardless of failed tests. Then, read its documentation and post again if you need help.
Update: there's nothing to it, you just pass an MD5 hash represented with ASCII characters ('A5F218'... instead of "\xa5\xf2\x18") to the reverse_md5() function. A simple script that lets you pass hashes from the command line:
use strict;
use warnings;
use Digest::MD5::Reverse;
die "Usage: $0 <md5 hash in ascii>\n" unless @ARGV;
my $md5 = shift;
my $plaintext = reverse_md5($md5);
print( defined $plaintext ? "$md5\t$plaintext" : "NOTFOUND", "\n" );
The scary thing is I recognized the hash in the docs as being the hash of the string 'foo' without passing it to reverse_md5()... :|
I'm getting sick of my 3 line sig...
| [reply]
[d/l]
[select] |
