Is it possible to decrypt MD5 Hashing?


Solution 1

Short answer: MD5 is a way of knowing enough about a password to compare it - a unique fingerprint - without actually keeping the password around.

Longer one: MD5 can be thought of as a fingerprint generator. You take as many bits as you can, and out the end is 128 bits. The md5sum will always be the same for any string. But, it's hard to predict what an md5sum will be for any given string. It can't be reversed. You can't get the password back from the hash; that information is thrown away.

Why MD5? You don't want to store the actual password. If I can break into your DB, I get the passwords. This is unsafe.

So I can store a hash. On login, I get the md5sum of the password you typed and the md5sum in the db, and see if they match. Then, even if you get the hash, you can't go backwards to get the password. You've got the hash, but in theory you can't get the password.

This is safer, but remember, the same password will always hash to the same md5. 'password' will always be 286755fad04869ca523320acce0dc6a4. If I see 286755fad04869ca523320acce0dc6a4 in the db, I know your password is 'password'. So one technique is to add something called 'salt', a bit of uniqueness to your password. So, say for me, my salt is chosen to be, oh I dunno, '1b24'. I add that to the md5 data, which gets me c4f8469e00c67d70dfbaa91cdf948fa8. When I store the password, maybe I store 1b24|c4f8469e00c67d70dfbaa91cdf948fa8. Then when you type in 'password', I see in the db I need to add 1b24, and I'd get the match.

MD5 is actually not used for this as much. There are newer ones (like SHA1) which throw the bits around better. Sometimes you go through multiple rounds. This adds security by making it harder to generate huge lists of these fingerprints - it takes too long to compute.
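The salt|hash record this answer sketches, written out as an added example (not the answerer's own code); putting the salt before the password and using a 4-hex-character salt are assumptions:

```python
import hashlib
import hmac
import os

# Record layout from the answer above: "<salt>|<md5(salt + password)>".
# Prepending the salt and the 4-hex-character salt length are assumptions.

def md5_hex(data: bytes) -> str:
    """Hex MD5 digest; one-way, so the input cannot be recovered from it."""
    return hashlib.md5(data).hexdigest()

def make_record(password: str, salt: str = "") -> str:
    """Store the salt in clear next to the salted hash, as the answer suggests."""
    if not salt:
        salt = os.urandom(2).hex()  # fresh random salt per user
    return f"{salt}|{md5_hex((salt + password).encode())}"

def verify(password: str, record: str) -> bool:
    """Re-add the stored salt to the typed password and compare the hashes."""
    salt, stored = record.split("|", 1)
    # Constant-time comparison so response time does not leak how many bytes matched.
    return hmac.compare_digest(md5_hex((salt + password).encode()), stored)

def same_password_two_users(password: str) -> tuple:
    """Unsalted: both users get one identical hash. Salted: the stored records differ."""
    unsalted = (md5_hex(password.encode()), md5_hex(password.encode()))
    salted = (make_record(password, "1b24"), make_record(password, "9f03"))
    return unsalted, salted

if __name__ == "__main__":
    print(same_password_two_users("password"))
    print(verify("password", make_record("password", "1b24")))
```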

Solution 2

MD5 is a one-way hash. This has been discussed a few times on Stack Overflow:

Solution 3

This post on IT Security@stackexchange should be enough for you to understand the problem.

The problem lies (boldly) in two facts:

  • "md5_mixalpha-numeric-all-space#1-8: 1049 GB" is downloadable as a free torrent for everyone at sites like these, which means more than 1TB of different unique strings containing mixed lower- and upper-case letters and numerals plus spaces, one to eight characters long.
    Given you have the files on your hard drive (use squashfs, guys!) you just have to search for the wanted MD5 and you'll get the original string (or even a collision if you are quasi-impossibly lucky); either way you have a valid password :)

  • A problem with every simple hashing scheme is that two users using the same password would get the same hash; reversing one of them would give you several accounts at once, and that only worsens the consequences of the first flaw.

There are three solutions to that:

  • the old-crappy one:
    MD5(password) or SHA128(PASSWORD), broken by default; many *NIX systems have implemented a better scheme for at least twenty years, nothing to add.

  • MD5(SALT+PASSWORD) where SALT is unique per user and stored in clear, which requires the attacker to generate a rainbow table for each password he wants to crack.
    Could deter some, but a dictionary attack can still be very powerful as many/most users have weak passwords.
    And keep in mind we now have solutions to (relatively) cheaply rent powerful GPU clusters; even a $400 GPU is a beast at hashing strings, especially if the calculations are distributed among thousands of machines.

  • the "not new at all" and only acceptable solutions now: bcrypt and scrypt

Please be wise and adopt the latter solution, or at least go for a PBKDF2 scheme that you won't try to design yourself; have a look here:
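A PBKDF2 record with a per-user salt and a stored work factor, along the lines this answer recommends, written here as an added example (not the answerer's code nor any library's API); the record layout, the 600,000-iteration policy and the choice of PBKDF2-HMAC-SHA256 from Python's hashlib are assumptions:

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed current policy; raise it as hardware gets faster

def hash_password(password: str, iterations: int = ITERATIONS, salt: bytes = b"") -> str:
    """Return "<algo>$<iterations>$<salt b64>$<derived key b64>" (layout assumed)."""
    if not salt:
        salt = os.urandom(16)  # unique per user, stored in clear: defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(dk).decode()])

def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record."""
    try:
        algo, iters, salt_b64, dk_b64 = record.split("$")
    except ValueError:
        return False  # malformed record
    if algo != ALGO:
        return False
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), base64.b64decode(salt_b64),
                             int(iters), dklen=len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time compare

def needs_rehash(record: str) -> bool:
    """True when the record was made under an older, cheaper policy."""
    algo, iters, _, _ = record.split("$")
    return algo != ALGO or int(iters) < ITERATIONS

def login(password: str, record: str) -> tuple:
    """Verify and, if the stored record is under-strength, return an upgraded one to store."""
    if not verify_password(password, record):
        return False, record
    return True, (hash_password(password) if needs_rehash(record) else record)
```

The work factor lives in the record, so it can be raised later and old records upgraded transparently at the user's next successful login.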

Solution 4

Certainly not decrypt it, as it has been stated constantly. However, there are by now quite a few papers talking about forcing md5 collisions. This basically means that because the hash is generated by a random set of "equations" applied to every bit of the information you're hashing (Remember you can hash anything from a password to a file or several) then you are also able to find another string of undefined length that will create the same hash.

Here is a link to one of the first (and I think one of the best) research papers on the topic. [PDF]

Solution 5

You can't recover your password if you save the password as an MD5 hash. The sites that have a password recovery module save the password in plain text.

You can try to recover your md5 password


Updated on September 18, 2022


  • Admin
    Admin almost 2 years

    I was seeing a video on how to hash passwords with MD5 Hashing. After googling on it I found out that Facebook also uses MD5 hashing scheme. Now I was curious to know if we can decrypt the password easily? If this is so, what is the advantage of MD5 hashing then?

    • HikeMike
      HikeMike about 12 years
      MD5 has 2^128 possible values (usually represented as a 32 character hex string). Given a character set of about 26(a-z)+26(A-Z)+10(0-9)+32([]{};:'"\|,<.>/?~!@£$%^&*()-_= +) viable characters for passwords, it's just enough possible values for passwords up to 19 characters without collisions.
    • Maciej Piechotka
      Maciej Piechotka about 12 years
      @DanielBeck: You would be right if MD5 were a perfect hash. It has multiple security problems - it would be recommended to use the SHA2 family, and SHA-3 once it is chosen.
    • HikeMike
      HikeMike about 12 years
      @MaciejPiechotka I know. The point I was trying to make was that there is no way to "decrypt" data "encrypted" with it, just like you won't be able to restore a truncated file based on the data that's left.
    • Maciej Piechotka
      Maciej Piechotka about 12 years
      @DanielBeck: I assumed that it was more about the security of hashing and that the person asking does not know what a hash is. In such a case it might be beneficial to explain not only the theory behind one-way functions but also the security problems in the hash algorithm he has explicitly mentioned (something like "it is not possible to 'decrypt', but it is possible to generate a password which will work from MD5").
    • Fran
      Fran about 12 years
      @MaciejPiechotka Indeed. The malware known as Flame used a previously undisclosed MD5 chosen-prefix collision attack to forge Windows code-signing certificates. MD5 is weak, and getting weaker every day:…
  • Franz Wong
    Franz Wong about 12 years
    Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
  • sean christe
    sean christe about 12 years
    This is true. Which is why I made it a community wiki. I did not have the time to write up a complete answer, so I provided the not pretty answer until someone with the time to do a better one could wander along. Since it is a community wiki, they were essentially invited to improve this answer instead of posting a different one.