Is it possible to decrypt MD5 hashes?

Question

Someone told me that he has seen software systems that:

1. retrieve MD5 encrypted passwords from other systems;
2. decrypt the encrypted passwords and

Answer 1

Not possible, at least not in a reasonable amount of time.

The way this is often handled is a password "reset". That is, you give them a new (random) password and send them that in an email.

Answer 2

In theory it is not possible to decrypt a hash value but you have some dirty techniques for getting the original plain text back.

1. Bruteforcing: All computer security algorithm suffer bruteforcing. Based on this idea today's GPU employ the idea of parallel programming using which it can get back the plain text by massively bruteforcing it using any graphics processor. This tool hashcat does this job. Last time I checked the cuda version of it, I was able to bruteforce a 7 letter long character within six minutes.
2. Internet search: Just copy and paste the hash on Google and see If you can find the corresponding plaintext there. This is not a solution when you are pentesting something but it is definitely worth a try. Some websites maintain the hash for almost all the words in the dictionary.

Answer 3

You can't revert a md5 password.(in any language)

But you can:

give to the user a new one.

check in some rainbow table to maybe retrieve the old one.

Answer 4

Decryption (directly getting the the plain text from the hashed value, in an algorithmic way), no.

There are, however, methods that use what is known as a rainbow table. It is pretty feasible if your passwords are hashed without a salt.

Answer 5

No, you can not decrypt/reverse the md5 as it is a one-way hash function till you can not found a extensive vulnerabilities in the MD5. Another way is there are some website has a large amount of set of password database, so you can try online to decode your MD5 or SHA1 hash string. I tried a website like http://www.mycodemyway.com/encrypt-and-decrypt/md5 and its working fine for me but this totally depends on your hash if that hash is stored in that database then you can get the actual string.

Answer 6

MD5 has its weaknesses (see Wikipedia), so there are some projects, which try to precompute Hashes. Wikipedia does also hint at some of these projects. One I know of (and respect) is ophrack. You can not tell the user their own password, but you might be able to tell them a password that works. But i think: Just mail thrm a new password in case they forgot.