1

I have heard that hashing, such as MD5, is one-way and cannot be cracked. But there are some websites that can decrypt hashes, like www.md5hashing.net, and some scripts like findmyhash.py. I tested some hashes and they were cracked successfully. Why can they do so?

Anders
kst
  • 1
    Possible duplicate of http://security.stackexchange.com/questions/19906/is-md5-considered-insecure, and also related to http://security.stackexchange.com/questions/11717/why-are-hash-functions-one-way-if-i-know-the-algorithm-why-cant-i-calculate-t – esote Dec 14 '16 at 12:27
  • There are lots of different hash algorithms and some are shown to be insecure while others are not yet broken. Your question is very unspecific what you consider as cracked and in which context so I recommend to close it as too broad. But you might start reading more about use and properties of cryptographic hashes at [wikipedia](https://en.wikipedia.org/wiki/Cryptographic_hash_function) and then come back with more specific questions. – Steffen Ullrich Dec 14 '16 at 12:27
  • 2
    [If hashing is one way, why can we decrypt MD5 hashes?](http://security.stackexchange.com/questions/38141/if-hashing-is-one-way-why-can-we-decrypt-md5-hashes) – Dmitry Grigoryev Dec 14 '16 at 14:32
  • 2
    First, hashing is NOT the same thing as encryption. It is very important for development team members to understand that difference. Hashes are an excellent way to store things like passwords, as they are one way functions. However, there are vulnerabilities when the hash value is known such as collisions in weak hash algorithms https://en.wikipedia.org/wiki/Collision_attack and rainbow tables. But for that to work the attacker already has to have access to your raw data. But that implies a whole different set of problems. Salting hashes as a first step hardens that step significantly. – dmarietta Dec 14 '16 at 15:31
  • Hashes can only be bruteforced and not be reversed due to some mathematical operations they use. For example one of them is modulo which is taking the remainder of a division, so if you had 7/2=3.5 then modulo(7/2) is 5 and there's no way to determine that the number 5 is the result of modulo(7/2) or (5/2) or any modulo operation that results in 5 – dwkd Dec 14 '16 at 16:04
  • I think it was only the title that was very broad - if you ignore it you can read the question as being about a specific site. I have edited the title to reflect this. Nominating for reopening. – Anders Dec 14 '16 at 16:27

2 Answers

17

Hashes can be cracked using brute forcing. That means that you test hashing every possible input until you find one that generates the right output. To stop this, a hash function used for password storage or key derivation needs to be deliberately slow (so that testing a lot of inputs takes a very long time).

A site like the one you mention can also store a big list of known pairs of common inputs and outputs. Therefore they don't need to do a brute force every time someone sends them a hash to crack - they just need to look it up in the table. To stop this you use a salt (so that even a common password gets a unique hash).

You will note that they do not know the value of all hashes, just common ones. An example:

  • 5f4dcc3b5aa765d61d8327deb882cf99 is correctly reversed to password, because that is in their database.
  • 039c004d00c02a193144e96b3e8aa4ba can not be reversed to the random string tUGPP*yq24p+EgpQ that I just generated, because they can not fit all billions of possible random strings into their database.

So how do you protect yourself against sites like this? Use a slow hashing algorithm and a salt.

Anders
  • 2
    But now you've posted this, a web-search for `039c004d00c02a193144e96b3e8aa4ba` “reverses” the hash… ;-) – 5gon12eder Jan 12 '17 at 06:27
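
The lookup table and the salt-plus-slow-hash defence described in the answer above, as an added example that is not part of the original post. The word list is constructed, and PBKDF2-HMAC-SHA256 with this iteration count is an assumed choice of slow hash, not one the answer names.

```python
import hashlib
import hmac
import os

# Constructed sample word list; a real lookup site stores far more entries.
COMMON_INPUTS = ["123456", "password", "qwerty", "letmein"]


def build_table(words):
    """Precompute unsalted MD5 digest -> input, like the site's database."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def lookup(table, digest_hex):
    """Return the stored input for a digest, or None if it was never precomputed."""
    return table.get(digest_hex.lower())


def hash_password(password, salt=None, iterations=600_000):
    """Salted, deliberately slow hash. The iteration count is an assumption."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    table = build_table(COMMON_INPUTS)
    # The two digests quoted in the answer: one common input, one random string.
    print(lookup(table, "5f4dcc3b5aa765d61d8327deb882cf99"))
    print(lookup(table, "039c004d00c02a193144e96b3e8aa4ba"))

    # The same common password stored twice gets two different records,
    # so a precomputed table of unsalted digests no longer matches either.
    salt1, n, stored1 = hash_password("password")
    salt2, _, stored2 = hash_password("password")
    print(stored1 != stored2, lookup(table, stored1.hex()))
    print(verify_password("password", salt1, n, stored1))
```
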
3

This can be done with a dictionary attack. If you have calculated the hashes of many values before, you can just match which hash result corresponds to a given input.

I think you are referring to this script when you mention findmyhash.py; cursory inspection suggests that this script does indeed consult an online database of known hash values.

Also, MD5 is no longer considered secure, so it's possible that a more advanced tool exists to exploit its weakness(es). According to Wikipedia:

> The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

S.L. Barth