{"id":149841,"date":"2018-11-02T15:29:52","date_gmt":"2018-11-02T15:29:52","guid":{"rendered":"https:\/\/webkul.com\/blog\/?p=149841"},"modified":"2018-11-02T15:37:58","modified_gmt":"2018-11-02T15:37:58","slug":"decrypting-md5","status":"publish","type":"post","link":"https:\/\/webkul.com\/blog\/decrypting-md5\/","title":{"rendered":"Decrypting MD5 hashes by Reverse Lookup\/Brute Force"},"content":{"rendered":"

As all of us already knows that MD5 (message digest) is one-way digest algorithm. It means we can’t get the original string back once it gets digested\/hashed. Really…?<\/p>\n

Can we decrypt the md5ed hashes?\u00a0 \u00a0 \u00a0ummm….. Yes!<\/h3>\n

Let’s see how to get back the original string from the md5 hashes.<\/h5>\n

It is a very straightforward approach to get back the original string from the MD5ed hash known as Reverse Lookup. (aka brute-force)<\/p>\n

As MD5 always generate the same hashed key for the same input string.<\/p>\n

If we create a mapped database between original string and md5ed hashed key of the strings(all possible characters of the desired length of string and their permutations) as shown in the below table. Then, at last, we will have a database of all the possible strings and their relative hashed keys.<\/p>\n

Now, if we want to know the original string from md5 hashed key then we search the database for that hash key instead of the original string<\/p>\n

For example:<\/p>\n

 <\/p>\n\n\n\n\n\n\n\n
hash_key<\/th>\noriginal_string<\/th>\n<\/tr>\n
02ffa6505a9717c36292cd9bf76972fc<\/td>\nqwerty@12345<\/td>\n<\/tr>\n
6d0952a65f2fcf9fa553a8956414e596<\/td>\nmd5decrypt<\/td>\n<\/tr>\n
f68e2a0caa1d7bc2d30ddcb5db33e9d4<\/td>\nsimplep@ssw0rd<\/td>\n<\/tr>\n
c633a43739df88f9280e89d001ed69e9<\/td>\nanycommonstring<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

If we create a database of all possible original string by permutating their character sequence. Then finally, we will have the hash key of every string. So, we can search for any particular\u00a0hash key to decrypt.<\/p>\n

Since it will take a lot of computation and also a lot of storage to maintain this mapped database, Instead of that we can use the online md5 decrypting website like\u00a0md5decrypt.net<\/a>\u00a0based on the same technique.<\/p>\n

 <\/p>\n

Now the question arises, Is MD5 secure enough to use in the process of storing any important data such as password, OTP etc?<\/h3>\n

Yes, but with the appropriate salt, Using the md5 for storing critical data\u00a0such as password and OTP in the database without appropriate\u00a0salt<\/a>\u00a0is not recommendable and md5 should not be used without salt because:<\/p>\n