
MD5 hash reversing


I know it's not possible to reverse an MD5 hash back to its original value. But what about generating a set of random characters which would give the exact same value when hashed? Is that possible?


Solution

  • Finding a message that matches a given MD5 hash can happen in three ways:

    1. You guess the original message. For passwords and other low entropy messages this is often relatively easy. That's why we use key-stretching in such situations. For sufficiently complex messages, this becomes infeasible.
    2. You guess about 2^127 times and get a new message fitting that hash. This is currently infeasible.
    3. You exploit a pre-image attack against that specific hash function, obtained by cryptanalyzing it. For MD5 there is one, with a work factor of 2^123, but that's still infeasible.

    There is no efficient attack on MD5's pre-image resistance at the moment.

    There are efficient collision attacks against MD5, but they only allow an attacker to construct two different messages with the same hash. They don't allow him to construct a message for a given hash.
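
The gap between the two problems in the answer above can be measured on a toy hash. This is an added example, not part of the original answer: it truncates MD5 to 16 bits (the function names and the 16-bit size are choices made here) and compares the generic birthday search for any collision with the guessing search for one given hash value. It shows only the generic bounds, not the cryptanalytic MD5 collision attacks the answer mentions.

```python
import hashlib

def truncated_md5(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(data): a toy hash small enough to brute-force."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)

def find_collision(bits: int):
    """Birthday search: ANY two distinct messages with equal truncated hashes.
    Expected work is roughly 2^(bits/2) hash evaluations."""
    seen = {}  # truncated hash -> first message that produced it
    i = 0
    while True:
        msg = b"msg-%d" % i  # constructed, distinct inputs
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

def find_preimage(target: int, bits: int):
    """Guessing search: a message matching ONE GIVEN hash value.
    Expected work is roughly 2^bits hash evaluations."""
    i = 0
    while True:
        msg = b"guess-%d" % i  # constructed guesses, unrelated to the target's input
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
        i += 1

if __name__ == "__main__":
    BITS = 16  # full MD5 has 128 bits, so these costs scale to about 2^64 and 2^128
    a, b, tries = find_collision(BITS)
    print(f"collision: {a!r} and {b!r} after {tries} hashes")
    target = truncated_md5(b"original message", BITS)  # constructed sample input
    m, tries = find_preimage(target, BITS)
    print(f"preimage:  {m!r} after {tries} hashes")
```
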