tags:

views:

225

answers:

5

i thought, that it is impossible to decode md5 hashes, but i found tools, which decode them here. but i have no idea, how they do it in such a short period of time(it takes about a second).

Help me please to understand it.

Thanks

A: 

In general, this is still computationally intractable. However, rainbow tables assist in locating known pre-images. It will only work when the pre-image is based on common strings (e.g. dictionary words) and a salt isn't used. That's what they mean by "This tool searches multiple databases."

Matthew Flaschen
Why the downvotes?
Matthew Flaschen
+10  A: 

It doesn't decode an MD5 hash. It uses what's called a rainbow table... That's why it's so important to use salted hashes instead of storing the hash directly...

ircmaxell
salted hashes can still be broken.
Rook
Technically, rainbow tables don't even apply to this situation at all since there are an unbounded number of possible strings to be hashed. The site is just using a database of 'common' hashes.Rainbow tables != database lookup.
Charles
@Charles, I don't see anywhere the site describes their exact database schema, so I'm unclear why you've concluded there's no rainbow table.
Matthew Flaschen
Sure, salted hashes can still be broken. But it's significantly harder than unsalted hashes as you'd need to both know the salt, and generate a table for that salt...
ircmaxell
+4  A: 

It is impossible to decode an MD5 hash as it is a one way algorithm, they will have a database of pre-calculated hashes and the string that was used to generate the hash and then perform a lookup.

This is another example of how you can recover an MD5 hash:

http://djgdesign.co.uk/display.php?id=42

Chief17
+2  A: 

It says clearly: This tool searches multiple databases for the unencoded version of a MD5 hash

Cristian
+1  A: 

The web page actually contains the answer:

The database contains millions of MD5 hashes and their decrypted forms.

If you hash a somewhat trivial string like "Hello World" chances are it exists in that db. But enter a long string of some weird text like "H3ll0 Wh1rrl3d!?!" and the "conversion" will fail because it will not exist in the hash db. (Though my "weird" string seems to be getting decoded?!?)

IMPORTANT:


  • NOTE FROM THE SITE: Any data which is MD5 hashed is stored for lookups. Do not encode sensitive data using this form

lol. That's why anything you hash with the site will come back as decoded! Everytime you hash something with that site you increase the size and capability of the database!

Paul Sasik
Not a rainbow table.
Charles