How can it be impossible to “decrypt” an MD5 hash? [duplicate]

by

Basically it’s because the output of MD5 contains less information than the input. This is basically what distinguishes a hash algorithm from an encryption algorithm.

Here’s a simple example: imagine an algorithm to compute the hash of a 10-digit number. The algorithm is “return the last 2 digits.” If I take the hash of 8023798734, I get 34, but if all you had is the 34, you would have no way to tell what the original number is because the hashing algorithm discarded 8 digits worth of information. It’s similar with MD5, except that the hash is computed via a complex procedure instead of just chopping off part of the data.

So then how can one hash be better than another? For one thing, different hash algorithms can be more or less resistant to collisions (when two inputs produce the same output). The probability of a collision is inversely related to the number of possible hash outputs. Collisions are an undesirable feature of hashes because if your data changes, you want the hash to change too, so one way to get a better hash algorithm is to use a hash with more possible outputs. In the digits example above, taking the last 4 digits instead of the last 2 digits reduces the probability of a collision with a given hash (technically called a preimage) to 1 in 10000 instead of 1 in 100, so it’s more likely that all the 10-digit numbers in whatever set you have will have different hash values.

There’s also the issue of cryptographic security. When you want to use a hash to make sure that some data is not tampered with, it’s desirable that whoever’s doing the tampering can’t predict what inputs will produce a given output. If they could, they would be able to alter the input data in such a way that the output (the hash) remains the same. Going back to the digits example again, let’s say I’m going to email you the number 1879483129 and it is critically important that this number gets to you unaltered. I might call you up and tell you the hash of the number, which would be 29, but since the “last 2 digits” algorithm is not cryptographically secure, a nefarious hacker could change the number en route to, say, 5555555529 and you wouldn’t know the difference.

It’s been shown that MD5 is not cryptographically secure (and SHA-1 is also compromised). That means that it is possible to find different inputs which correspond to any given output. It’s still a fine algorithm for protecting against random bit flips and the like, but if there’s a chance someone might want to intentionally corrupt your data, you should really use something more secure, like SHA-256 or greater, probably as part of an HMAC scheme.

More Related Contents:

  1. Is it possible to decrypt MD5 hashes?
  2. Is it possible to decrypt MD5 hashes?
  3. Is there an MD5 Fixed Point where md5(x) == x?
  4. How come MD5 hash values are not reversible?
  5. Is calculating an MD5 hash less CPU intensive than SHA family functions?
  6. Can two different strings generate the same MD5 hash code?
  7. How are hash functions like MD5 unique?
  8. Is MD5 still good enough to uniquely identify files?
  9. How can I generate an MD5 hash in Java?
  10. Difference between Hashing a Password and Encrypting it
  11. How many random elements before MD5 produces collisions?
  12. Is it safe to ignore the possibility of SHA collisions in practice?
  13. The necessity of hiding the salt for a hash
  14. Are there any SHA-256 javascript implementations that are generally considered trustworthy? [closed]
  15. How to get the MD5 hash of a file in C++? [closed]
  16. Password hashing, salt and storage of hashed values
  17. encrypt and decrypt md5
  18. Possible to calculate MD5 (or other) hash with buffered reads?
  19. When is CRC more appropriate to use than MD5/SHA1?
  20. md5 decoding. How they do it?
  21. Simple (non-secure) hash function for JavaScript? [duplicate]
  22. How do I generate a SALT in Java for Salted-Hash?
  23. Why is ‘397’ used for ReSharper GetHashCode override?
  24. Why are XOR often used in java hashCode() but another bitwise operators are used rarely?
  25. How to decrypt a password from SQL server?
  26. Why are 5381 and 33 so important in the djb2 algorithm?
  27. MD5 security is fine? [closed]
  28. node.js hash string?
  29. php: number only hash?
  30. Best practice for hashing passwords – SHA256 or SHA512?

Leave a Comment