md5 theory
Hello, I am not the best a encryptions (check what challenges I've done) and Right now I'm working on Enc7 which is obviously an md5. But I have a question: I ran the hash calculator two different times on cain and able, for 'Password' just to see if it worked, but it came out the same both times, so can't a program just have a list of all hashes and search for the one that you put in (all hashes under 12 words I guess) If the encryption can be duplicated time over and over…why can't it be reversed? I don't know anything about the theory or programming, so if you could enlighten me, I would be most grateful.
NC
Hello Neo_Chalchus,
Good question. Yes it is true that anything you encrypt with MD5 will have only one output, but this was done on purpose and does not mean it can be reversed. Reversing would mean you could have a certain method that will take the hash and decrypt it no matter what it was. However, you where right when you asked if you could store hashes and their plaintext somewhere to retrieve later, but in order to have every possible hash pre-stored, you would have to have a total of 16^32 (about 340,282,366,920,938,460,000,000,000,000,000,000,000 hashes).
I have created a project that does exactly what you described and it contains just about all dictionary words + others, if you would like to use it, IM 'md5library' on AIM.
Hope this helped :)
Regards, Jake
…can't a program just have a list of all hashes and search for the one that you put in…
Great observation. There are programs that accomplish this so that you don't have to keep doing the same calculations over and over. Rainbow tables is a popular one that follows this theory. Really the only limit is how much space you're willing to dedicate to saving the computed data.
If the encryption can be duplicated time over and over…why can't it be reversed?
md5 is a very unique type of function. It's actually a hashing system, not an encryption, but that's splitting hairs. It can't be reversed because it's a 'one way algorithm'. Let me give you a simple example, using simple math.
If I take the number 12, and run it through my 'one way algorithm' of mod 7, I get 5 (12 % 7 == 5). So I tell you that the 'encrypted' output is 5. The problem is that there's any amount of numbers I could have used originally (12, 19, 26, etc) , so you couldn't reverse that unless you already knew the original value of 12.
md5, and most hashing algorithms, operate on this same premise. They can give you an expected result from a specific formula that is the same result every time, but you cannot (currently) reverse the formula and get the original number unless you already knew it anyways.
HTH
www.plain-text.org.. is an awesome website for cracking MD5/NTLM/LM haxhes.. they have around 40 computers running at all times cracking buttloads of hashes a day, every hash they crack gets put into their library so next time someone searches for that hash it takes hardly no time at all… basicly a huge rainbow table… im sure they have computer constantly generating hashes to add to the tables. Go check em out theyll tell you.. BUT the only bad thing about this site is… its used quite a bit, and its hard to get ur hash in, but they do crack really fast lol i know from experience, heh heh i cracked my schools admin hashes from the sam file:evil: i was running a brute force on it with ophcrack for a few days with no results then i found plain-text.com and it took a matter of seconds:o
hope this helps some of you
OH about John the Ripper… its MUCH more effective if u run it with a wordlist instead of brute forcing, that could take WEEKS. so just Google HUGE wordlists and you're sure to find somthing btw.. 50K words is nothing for jtr B)
Lol, whoever said that is probably referring to my project. Add 'MD5Library' to your buddylist on AIM. (or md5library@gmail.com for MSN)