hash - Is it possible to decrypt md5 hashes?


Someone told me that they have seen software systems that accept MD5 encrypted passwords (through various integrations with other systems), decrypt them, and store them in the system's own database using its own algorithm.

Is that possible? I thought that it wasn't possible (feasible) to decrypt MD5 hashes.

I know there are MD5 dictionaries, but is there an actual decryption algorithm?

No. MD5 is not encryption (though it may be used as part of some encryption algorithms), it is a one-way hash function. Some of the original data is "lost" as part of the transformation.

Think about this: an MD5 is 128 bits long. That means that there are 2^128 possible MD5 hashes. That is a reasonably large number, and yet it is finite. And yet, there are an infinite number of possible inputs to a given hash function (and most of them contain more than 128 bits, or a measly 16 bytes). So there are an infinite number of possibilities for data that would hash to the same value. The thing that makes hashes interesting is that it is incredibly difficult to find two pieces of data that hash to the same value, and the chances of it happening by accident are 0.

A simple example of a (very insecure) hash function (and this illustrates the general idea of it being one-way) would be to take all of the bits of a piece of data, and treat it as a large number. Next, perform integer division using some large (probably prime) number n, and take the remainder (see: modulus). You will be left with some number between 0 and n. If you were to perform the same calculation again (any time, on any computer, anywhere), using the exact same string, it will come up with the same value. And yet, there is no way to find out what the original value was, since there are an infinite number of numbers that have that exact remainder, when divided by n.

That said, MD5 has been found to have some weaknesses, such that with some complex mathematics, it may be possible to find a collision without trying out 2^128 possible input strings. And the fact that passwords are short, and people often use common values (like "password" or "secret") means that in some cases, you can make a reasonably good guess at someone's password by Googling for the hash or using a rainbow table. That is one reason why you should "salt" hashed passwords, so that two identical values, when hashed, will not hash to the same value.

Once a piece of data has been run through a hash function, there is no going back.
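
The following is an added example, not part of the original answer: it implements the modulus toy hash described above to show that many inputs share one output, then shows why an unsalted MD5 of a common password matches a precomputed table while a salted one does not. The modulus `N`, the helper names and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

N = 1_000_003  # assumed modulus for the toy hash (a prime, as the answer suggests)

def toy_hash(data: bytes, n: int = N) -> int:
    """Toy hash from the answer: read the bytes as one large integer, keep the remainder."""
    return int.from_bytes(data, "big") % n

def toy_collision(data: bytes, n: int = N) -> bytes:
    """A different input with the same toy hash: add n to the integer."""
    value = int.from_bytes(data, "big") + n
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def md5_hex(password: str, salt: bytes = b"") -> str:
    # MD5 only because the page discusses it; real password storage
    # should use a slow KDF such as hashlib.scrypt.
    return hashlib.md5(salt + password.encode()).hexdigest()

def store(password: str, salted: bool) -> tuple[bytes, str]:
    """Return the (salt, digest) record that would be saved for one user."""
    salt = os.urandom(16) if salted else b""
    return salt, md5_hex(password, salt)

def verify(password: str, record: tuple[bytes, str]) -> bool:
    """Re-hash the candidate with the stored salt and compare; nothing is decrypted."""
    salt, digest = record
    return hmac.compare_digest(md5_hex(password, salt), digest)

# Constructed sample data: a precomputed table of unsalted digests of common values.
LOOKUP = {md5_hex(p): p for p in ["password", "secret", "letmein"]}

def demo() -> dict:
    plain = [store("password", salted=False) for _ in range(2)]
    salted = [store("password", salted=True) for _ in range(2)]
    return {
        "toy_collision_matches": toy_hash(toy_collision(b"secret")) == toy_hash(b"secret"),
        "unsalted_identical": plain[0][1] == plain[1][1],
        "unsalted_found_in_table": LOOKUP.get(plain[0][1]),
        "salted_identical": salted[0][1] == salted[1][1],
        "salted_found_in_table": LOOKUP.get(salted[0][1]),
        "salted_still_verifies": verify("password", salted[0]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest in the clear; its job is to make each record's hash unique, not to be secret.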

