How can it be impossible to “decrypt” an MD5 hash? [duplicate]

Answer 1

Here's a parallel:

Add up the ages of everyone in your family. Only keep the last two digits.

Now tell me everyone's ages based on that one number.

Answer 2

Think about this:

I have a numeric string, say it's "12345678".

I have a hash algorithm, it just returns the sum of all the single numbers, let's call it f()

so, f("12345678") = 1 + 2+ .. + 8 = 36.

Then the question:

known f(x) = 36, is it possible to get the original value of x ?

We can't, because f() is an algorithm causes information loss.

The MD5 is a hash algorithm like f(), but much more complexer.

Answer 3

Essentially, the bit operations involved mean that reversing it would be technically infeasible. In order to construct a set of outputs, you would require insane time complexity and huge memory complexity. It's not impossible at all - but it doesn't have to be, merely beyond the power of even our best supercomputers by a mile.

Answer 4

Most of the answers don't hit the real point of the question: the hashing transformations are non linear, and as such are very difficult (but not impossible, given enough computational power and time) to reverse.

Think about the relative difficulty of squaring a number and getting the square root. Add to that that you just have partial information and all the missing bits are important to yield the correct answer (not as in the example of cropping a number).

If after all you're still not sure, then try by yourself to reverse the steps of MD5 or any other cryptographic hash function ;-)

Answer 5

In answer to the second part of your question (an answer to the first part having been more than adequately given by others above): MD5 is considered weak due the proofs of attacks against the cipher (i.e., changes that can be made in the plain-text that do not result in changes in the MD5 sum). Other hashing techniques may not be as easily susceptible to essentially arbitrary hash collisions (at least such arbitrary collisions have not, as yet, been shown to be possible with the SHA-2 set of hashes, etc.), and hence, an attacker is less likely to be able to replicate a hash hashed in a non-MD5 technique (theoretically, of course, hash collision attacks are possible against any hashing function; it would not succeed as a hashing function if this were not the case; the question is how easily an attacker can succeed in "faking" a "correct" plaintext, that is, one that hashes to the same hash value).

Incidentally, the MD5 sum of a plaintext is not necessarily safe because it contains "less" data or is "lossy", but because, from an arbitrary plaintext, it computes a sum-value within a fixed range (for plaintexts < 128 bits, the MD5 sum, in fact, contains more information than the plaintext...), and, therefore a number (theoretically infinite) of plaintext could all align to the same MD5 hash.

Answer 6

Consider the following function: f(x) = xx. Now, given that you know f(x)=25, what is x? Well, the answer could be 5 or the answer could be -5. You cannot recover the input to f, because there exists some value in the range of f such that more than one element of the domain of f maps to that value under f. Consequently, the function f is non-invertible. The same concept applies to MD5; there are multiple inputs to the MD5 algorithm that will, despite being different inputs, yield the same hash value as a result. In other words, the MD5 algorith, like f(x)=xx, is not one-to-one and therefore not an invertible function.

However, this does not mean that you cannot recover the input to an MD5. It simply means you cannot recover the input to and MD5 with 100% certainty. To make this more concrete, let's look again at the function f(x)=x*x. Now what if I told you that for any given input to f the probability of it being positive is 99%? In that case, you could make a very good guess that a hash of 25 came from a value of 5, and not -5. This is, indeed, how people are able to break hash functions (including MD5, which is, it turns out, not a very good cryptographic hash function). When it comes to passwords, there are certain passwords which are used far more frequently than other passwords. All you need to do is take the MD5 of those password and compare it with some hash, and if they match, then it is a pretty reasonable guess that it came from that password.

You may also be interested in reading about one-to-one functions, Injective functions, cryptographic hash functions, MD5, SHA1, and Don't Hash Secrets from the Benlog Security Blog.