Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Reverse MD5

by raj_monk (Novice)
on Dec 02, 2008 at 11:21 UTC ( #727370=perlquestion: print w/replies, xml ) Need Help??
raj_monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

Could you please any one advise me, how to get the reverse MD5 value in Perl. I tried Digest::MD5::Reverse module its failed.


Replies are listed 'Best First'.
Re: Reverse MD5
by JavaFan (Canon) on Dec 02, 2008 at 11:30 UTC
    You mean, given an MD5 hash, retrieve the original text?

    The short answer is: you can't - that's the point of an MD5 hash.

    The longer answer is that it's unknown whether it can be done in any reasonable amount of time (even with reasonable being tens of years). You could of course generate all possible text, and eventually stumble upon a text that gives the given MD5 hash, but even then it's not sure whether you got the right one.

      Digest::MD5::Reverse uses online DBs which seem to store large amounts of texts and the corresponding MD5 sums. That is probably the only reasonable way to do this. However, simply appending a random text/date on every text makes this pretty unusable.
        The summer 2008 edition of 2600 has an interesting extension of this: using Google (etc.) to search for the hash and find an original text (password). Apparently a lot of people or systems post this information intentionally or inadvertently. In some limited sense, you don't need the reverse function if Google is mapping the forward function.

        Quantum Mechanics: The dreams stuff is made of

      How did they get the reverse value for md5?
        They didn't.
Re: Reverse MD5
by ccn (Vicar) on Dec 02, 2008 at 11:31 UTC
    MD5 sums (see RFC 1321 - The MD5 Message-Digest Algorithm) are used as a one-way hash of data. Due to the nature of the formula used, it is impossible to reverse it.

    You can't get reverse value of MD5, but you can get a bunch of values which have that MD5 sum.

Re: Reverse MD5
by zentara (Archbishop) on Dec 02, 2008 at 13:50 UTC
    MD5 has been somewhat broken and almost everyone is using something like Blowfish now. With the supercomputers and giant memories available now, it should be pretty easy for the government.

    I'm not really a human, but I play one on earth Remember How Lucky You Are

      Blowfish is an encryption algorithm, not a hashing algorithm. It's not an alternative to MD5.

      From here on, take what I say with a grain of salt. I'm not sure of everything.

      SHA-1 is stronger than MD5, and SHA-256/512 strong still, but all are known or suspected to be broken for the same class of attacks. None are completely broken mind you. They are broken in the cryptographic sense, which means something like "being weaker than they were originally". However, attacks only get better with time.

      Furthermore, the only property that is broken is the ability to produce two texts that hash to the same value, not the ability to produce a text that hashes to a given value. That property is important for document signing, but not for password protection.

      Update: Re-organised to clarify uncertainty.

        See Blowfish and check out the section "Blowfish in Practice". I know SuSE linux uses this Blowfish hash for it's passwords, and many distros have advanced options when you install, to select the hashing algorithm to be used. Blowfish is commonly listed. Also google for "blowfish hash".

        I'm not really a human, but I play one on earth Remember How Lucky You Are
Re: Reverse MD5
by missingthepoint (Friar) on Feb 05, 2009 at 05:56 UTC

    Do you mean installing the module failed due to failing tests?

    If so, try:

    $ cpan cpan> force install Digest::MD5::Reverse

    This will install it regardless of failed tests. Then, read its documentation and post again if you need help.

    Update: there's nothing to it, you just pass an MD5 hash represented with ASCII characters ('A5F218'... instead of "\xa5\xf2\x18") to the reverse_md5() function. A simple script that lets you pass hashes from the command line:

    use strict; use warnings; use Digest::MD5::Reverse; die "Usage: $0 <md5 hash in ascii>\n" unless @ARGV; my $md5 = shift; my $plaintext = reverse_md5($md5); print( defined $plaintext ? "$md5\t$plaintext" : "NOTFOUND", "\n" );

    The scary thing is I recognized the hash in the docs as being the hash of the string 'foo' without passing it to reverse_md5()... :|

    I'm getting sick of my 3 line sig...

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://727370]
Approved by ccn
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (3)
As of 2018-06-24 11:18 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (126 votes). Check out past polls.