passphrase

MD5 decrypter


Insert your MD5 hash here:

Answer :



This decrypter can manage up to 5 character encrypted words. Those words can include numbers, and first capitalized letter. No symbols, unfortunately :( but I will work on it, and may-be some day in the future I will improve it. 

Right now it contains 107 111 510 different combinations. Database size 1,4 GB.

Example words that can be decrypted: Jess2, m2ryy, Mark5, Pass0, 62853 etc.

UPDATE! Found error, database misses five letter combinations that end with "a". No worries, it is only 0,06% of this database.

What is MD5?

MD5 (Message-Digest Algorithm).
Simply put, it is a method that is used to secure your password that is sent over Internet.
It takes your password or passphrase that you register at some site and makes it into single line of numbers and some letters. This process is called hashing and lines that are generated are called hashes (obviously inventors of cryptography were potheads).
Letters and numbers that are used: 1234567890abcdef. Length of a single hash is 32 characters.
It is something similar to ciphering a messages – for example if we take word “password” and replace p-5 , a – f, s – o , w – q , o – 9 , r – z , d – j. And so “password” will become “5fooq9zj”. Although “5fooq9zj” seem to be quite secure, it gives away a length of your password, now all what attacker has to do is check this combination to dictionary words that are 8 characters long and have identical letters at third and fourth positions. It will take only couple of minutes or even seconds to crack your password or passphrase. In fact he/she doesn’t even need any script to crack that – it is possible to crack just by using spreadsheet with dictionary words sorted by length.
Much like cipher, MD5 replaces characters of password/passphrase, but it replaces your characters only to characters in range of 1234567890abcdef (called hexadecimal system, hexadeca stands for 16 in Greek). And it makes all your encrypted messages 32 characters long.
MD5 doesn’t care how long your password or passphrase is, it always generates encrypted message that is 32 characters long, for example let’s encrypt one password and one passphrase:
abc123 - e99a18c428cb38d5f260853678922e03
fat cat sat on the porch and was drunk - 8477a3363494820f68cf07e67538255e
Both hashes are 32 chars long.
There are finite number of different hashes. To be specific there are 16 to the power of 32 possible different combinations of MD5 hashes. As a number it is:
340 282 366 920 938 000 000 000 000 000 000 000 000 different combinations
By long and long computation, cryptographers have found some “collisions” of MD5 hash, simply put it means that sometimes two different encrypted words may be represented under same hash. It doesn’t make your password useless when you log-in, all it does is that your account may be opened not only by your password but with some other word (combination) as well. It took years to compute that by cryptographers, the possibility of that happening to you is so low, that you should not worry about that.
What is salt?
Salt is a method when you take your generated hash and encrypt it multiple times.
For example let’s take a word “password”.
Encrypted once we get: 5f4dcc3b5aa765d61d8327deb882cf99
Now let’s take this same hash (that newly generated 32 chars), and put it into encryption once more, we get: 696d29e0940a4957748fe3fc9efd22a3
Let’s do it jet another time: 5a22e6c339c96c9c0513a46e44c39683
You can do so an infinite number of times.
This method increases security of a password, because after getting into database and obtaining a hashed passwords list, attacker now has to figure out how many times this encrypted hash has been salted. It will take him/her from couple of hours or up to several days to figure out that, it will not entirely secure passwords or passphrases form being hacked, but it is highly recommended to be used.
What is a rainbow table?
Rainbow table is a collection of pre-calculated hashes. It is used to decrypt hashes.
Example table (for abc attack):
Password
Hash
a
0cc175b9c0f1b6a831c399e269772661
b
92eb5ffee6ae2fec3ad71c777531578f
c
4a8a08f09d37b73795649038408b5f33
aab
e62595ee98b585153dac87ce1ab69c3c
And so on…
Example table (for dictionary attack):
Password
Hash
123456
e10adc3949ba59abbe56e057f20f883e
abc123
e99a18c428cb38d5f260853678922e03
abcdef
e80b5017098950fc58aad83c8c14978e
password
5f4dcc3b5aa765d61d8327deb882cf99
qwerty
d8578edf8458ce06fbc5bb76a58c5ca4
And so on…
The size of a rainbow table is limited by the size of HDD where it is kept. As there are 32 characters in one hash it means it takes 32 bites per one hash. So if for example we would like to make a rainbow table that will help us crack small six lower case character passwords (number of combinations 308 915 776 see Brute force attack time table ), we would need a HDD with available space of 9,8 GB, what is absolutely easy to achieve nowadays. If we would take six character password with upper and lower letters, all numbers and some common symbols (number of combinations 139 314 069 504 see Brute force attack time table) it would still be achievable, as 4.45 TB sized HDD would be needed. So what this all tells you about length of your password? Exactly, it is better to use passphrase.
How it all works?
Registration:
1. Input field
2. MD5 encryption
3. Sending
4. Saving in server
You type your password or passphrase to registration form. For example you type “abc123” as your password
MD5 algorithm makes “abc123” to “e99a18c428cb38
d5f26085367892
2e03”
Your computer sends your user name and encrypted password “e99a18c428c
b38d5f260853678922e03” to server of the site.
Server saves your user name and encrypted password  “e99a18c428c
b38d5f260853678922e03” to database.
Log in:
1. Input field
2. MD5 encryption
3. Sending
4. In server
5. Match made
You type your password or passphrase to log-in form. For example you type “abc123” as your password
MD5 algorithm makes “abc123” to “e99a18c428cb38
d5f26085367892
2e03”
Your computer sends your user name and encrypted password “e99a18c428c
b38d5f260853678922e03” to server of the site.
Server checks your user name and password in database, it finds that your password “e99a18c428c
b38d5f260853678922e03” is matching the one in database.
As your sent encrypted password matches one that server got from database, means that it’s OK to send you information form server. Otherwise server will send notification that your password or user name is wrong.
Now when someone would attack that server or wiretaps line between your computer and server, all he would get is your hashed password:   
“e99a18c428cb38d5f260853678922e03”
He/she would have to start cracking that hash or check it in pre-calculated rainbow table. This example password “abc123” will be cracked in a matter of milliseconds, but larger and more complex passwords i.e. passphrases will be a lot harder to crack.
And when pass is salted?
When pass is salted it tastes a lot better
Registration:
1. Input field
2. MD5 encryption repeated n times
3. Sending
4. Saving in server
You type your password or passphrase to registration form. For example you type “abc123” as your password
MD5 algorithm makes “abc123” to “e99a18c428cb38
d5f26085367892
2e03” and then this encryption is encrypted again and again n times.
Your computer sends your user name and n times encrypted password to server of the site.
Server saves your user name and n times encrypted password to database.
Log in:
1. Input field
2. MD5 encryption repeated n times
3. Sending
4. In server
5. Match made
You type your password or passphrase to log-in form. For example you type “abc123” as your password
MD5 algorithm makes “abc123” to “e99a18c428cb38
d5f26085367892
2e03” and then this encryption is encrypted again and again n times.
Your computer sends your user name and n times encrypted password to server of the site.
Server checks your user name and password in database, it finds that your n times encrypted password is matching the one in database.
As your sent n times encrypted password matches one that server got from database, means that it’s OK to send you information form server. Otherwise server will send notification that your password or user name is wrong.
Now attacker receives different hash then before. For example triple encrypted pass “abc123”:
80e380bb24647ada593f44e60a806b63
First, attacker will try to crack it as it would be simple, single encrypted password. He/she will not succeed in that. So he/she has two possibilities: 1. This password is too long or uses too complex characters to be cracked or 2. It is multiple encrypted. At that point some attackers would go for the first one and in progress lose a lot of time. The ones who choose second option, will go to website that they attacked and register new account. Into user name field they write for example “user114” and into password registration field they will type for example “aaaaaa” and as they send that information to server they can, with proper software, track what information is sent from their computer. They will receive information like their user name “user114”and encrypted password like “b6b3f5c1398b1ad19aa4c773ec1ba8b6” so now all they have to do is encrypt their password “aaaaaa” multiple times and find how many times that site is encrypting their passwords. How many times “aaaaaa” was encrypted?

1 comment:

  1. Thank you so much for sharing this decrypter. You have also provided a rich amount of detail to explain all about md5 algorithm. I will recommend this widget to all my friends too.
    electronic signature software

    ReplyDelete