Gmail Hacks Page

[Richard]

I have seen scripts where they use MD5 to encrypt text and decrypt it. So, it is possible.

Yes, using dictionary of database attacks. You can ONLY crack MD5's, you cannot decrypt them.

 

[Tree]

Indeed. There are only 3.4E38 possible combinations for an MD5 hash. For any quad-core CPU with a decent amount of RAM, that's nothing. It could run through the whole gamut of possibilities within a minute.

A 100mb file has an MD5 value. Do you REALLY think you will be able to recover that 100mb file from an MD5 value? The answer is no.

MD5 checksums are not compiled from the actual file, rather from some of the file's metadata.

 

[fireshark]

What metadata? Not every format has metadata.

Wikipedia:

MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks; the message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer representing the length of the original message.

It works on the whole message.

 

[Robbeh]

I work for a software company as a project manager by day, and I wrote a spec that called for user's data to be encrypted using MD5.

One of my programmers told me that MD5 was very insecure, which I didn't believe. To prove me wrong, he wrote a script and told me he'd decrypt an MD5 hash for me. We uploaded the script to one of our servers and went on lunch. Came back and yep, he'd decrypted my hash.

I still owe him a pint for that!

Unfortunatly, we uploaded the said script to one of our live servers.... so although we did crack the hash, the script used so much processing power that we also took down a live application, our boss didn't really see the funny side

 

[Tree]

What metadata? Not every format has metadata.

Metadata is completely OS and/or FS dependent. File formats have little effect on metadata.

It works on the whole message.

Indeed it does. Must have been getting it confused with something else.

 

[ExpertWebHost]

nothing is impossible as far as pc sec goes...

 

[Erizo]

id love to see that script
Anyways, thats right, i have only seen "cracked" MD5 hash, but not perfectly decrypted.... Only with password crackers (brute force or dictionary).... is the same as if recovering password from a .rar or .zip file

 

[jessi]

unless you got a lot of cpu cycles to burn and alot of cash with a military like backing, MD5 is pretty uncollidable, can be done, but for the next 5-10 years its safe... It is oldschool though.
go SHA1