MD5 cracking knowledge

I haven't updated it for a long time. I have reviewed the documents on my computer today, and I have reviewed them. I 'd like to edit them again. I 'd like to post them here for future reference.

 

Many applications hash and save the user password using the MD5 algorithm, instead of saving the plaintext of the password. MD5 is unidirectional and there is no reverse algorithm. However, intruders may still use multiple methods to crack the MD5 hash string into plain text passwords.

 

Generally, MD5 cracking refers:
(1) for any y, evaluate X to make MD5 (x) = y;
(2) Calculate X2 for the given X1 so that MD5 (X1) = MD5 (X2 );
(3) Calculate X1 and X2 so that MD5 (X1) = MD5 (X2 ).

 

Any method that meets one of the preceding three conditions is called the MD5 cracking algorithm. Currently, no algorithm can meet condition 1. Collision Algorithms that meet condition 2 or 3 have been discovered by Professor Wang Xiaoyun of Shandong University. Despite this, it is still very difficult for common users to crack MD5 algorithms, so MD5 is still a relatively secure algorithm.

 

Currently, direct attacks against MD5 passwords are mainly carried out using the exhaustive method or the rainbow method. The exhaustive method is to use MD5 to calculate the plaintext of a possible password, and then the obtained hash value is directly compared with the MD5 hash value to be cracked, determine whether the plaintext is the plaintext of the password corresponding to the known MD5 hash value. When the password space is determined, the brute-force cracking Efficiency depends on the computing performance of the computer. In addition to directly using the CPU for computing, the GPU's high parallel computing performance can also be used for processing.

 

The rainbow method is improved based on the exhaustive method. the MD5 hash value and the original plaintext data form a one-to-one dictionary ing table (the more digits the plaintext data have, the ing table length will increase exponentially), and then find the original plaintext corresponding to the cracking password from the ing table by searching and matching. Generally, a dictionary ing table is generated using software algorithms. When the text data is random, the rainbow method requires a large number of storage devices to store the ing table and build efficient search engines and algorithms. Obviously, the attack efficiency of the rainbow method depends on the storage space and search mechanism of the computer.

 

MD5 hash values are generally 32-bit, and there are also 16-bit hash values. Generally, the 16-bit MD5 value is to take the 32-bit 9th-bit to 24-bit, that is, to remove the first 8 bits and the last 8 bits of the 32-bit value, basically, it is impossible to directly convert the 16-bit MD5 value to 32-bit.

 

Currently, many websites on the Internet provide MD5 encryption or decryption queries. Decryption enters the encrypted MD5 value into the website. If the MD5 value exists in the website database, the corresponding MD5 plaintext is the password. Common online MD5 cracking websites (domestic and foreign websites, free of charge and partially charged) include:
Http://www.cmd5.com
Http://www.xmd5.com
Http://www.hashkiller.co.uk/
Http://www.md5this.com/
Http://www.netmd5crack.com/

In addition, note that some websites cannot recognize the differences between MD5 hash values and Case sensitivity.

 

This article from the "Sky High bird fly, sea wide fish Yue" blog, please be sure to keep this source http://xjlegend.blog.51cto.com/59163/1565540

MD5 cracking knowledge