Can MD5 Hash be reversible or crack?

I try this link (https://md5.gromweb.com/) to hash some keys (lets say key A) and reverse it back which MD5 not suppose to be reversible right? Somehow, this website can do it easily.

So, I found it suspicious and curious on how it actually work. When I hash some keys (let say key B) (different keys tried in this website) in another (any) website and try to reverse it back through that website , it does not work.

However, when I hash the same keys (key B) in that website and reverse it back. It work??? Does this website actually keep all the hashes it done in its dictionary or something? Then, the keys I have been hash through this website are compromised and not secure anymore?

Side Note: The key that I tried all have a long random string with alphanumeric + upper/lower case + special character.

MABY

Posted 2020-01-14T03:48:11.480

Reputation: 5

Answers

If you think about it, a hash can't be uniquely reversible as it can take an arbitrarily large number of characters and represent it as a shorter number. Thus there must be more than 1 string that will have the same hash. (This is called a collision).

If you read the right-hand side of the page you linked to - it does actually confirm that it is using a dictionary populated with a list of several million md5 strings and their common counterpart passwords - so that is your answer.

You may be interested in freerainbowtables.com. This site contains a list of "rainbow tables". Similarly, if you have entered a key into a cracking website there is every probability it has added it to its tables.

The keys you have hashed through the website may or may not be compromised depending on what key you used, the website and purpose. If in doubt, treat it as compromised.

davidgo

Posted 2020-01-14T03:48:11.480

Reputation: 49 152

I did read it, but i haven`t though that they actually keep both hash and original string. I should treat the trial key as compromised as they can actually reverse back the key. Thanks for the explanation. I will look into the link you give me. – MABY – 2020-01-14T06:10:38.643

There are only 2 ^ 128 MD5 hash and an unlimited number of strings, so each MD5 hash is equivalent to an unlimited number of strings (because unlimited number divided by a limited number is unlimited).

So even if some algorithm could reverse an MD5 hash there isn't only one correct answer.

The MD5 hash of a famous word like admin is this:

21232f297a57a5a743894a0e4a801fc3

And if you search this hash there are lot of records in search results that say this hash is admin and it's only because it's one of the equivalents of that hash that actually makes sense.

However, since the processing power of even personal computers increasing really fast it's really better to not use MD5 hash for passwords and important data anymore.

S.Mohammad Mousavi

Posted 2020-01-14T03:48:11.480

Reputation: 191

Thanks for clearing my view. Based on your experience, what other way I should learn to hash my password? – MABY – 2020-01-14T06:00:31.353

1@Asyraf For passwords, you can use PBKDF2, bcrypt or scrypt – S.Mohammad Mousavi – 2020-01-14T06:09:20.850

Bcrypt doesn`t look too hard to implement in C#. I should start learn it and stop using MD5 or SHA family for hashing. – MABY – 2020-01-14T07:39:29.373