What's MD5 Encryption all about?

By Oli on Monday, 01st November 2004.

We've just started using MD5 encryption to secure logins, to great effect. Before, the password was sent as plaintext - the actual password - and so if there were a sniffer on the network they could detect the password and log in as that person. Not anymore. MD5 encryption is all very good. You trust it all over the place to keep passwords secure, but how and why is data MD5 encrypted?

What is MD5

MD5 is a one way only encryption method. What it does is calculate a hash (a hex number) which is unique to a set of data.

So how does this help at all? Well, if you have a password, and your real password is stored on a server, the password gets encrypted into an MD5 hash. That hash is sent across the network. The password on the server is then made into an MD5 hash, and if they are the same then the password sent is the same as the one on the server. Tada...

Cracking MD5 Hashes

Not very complicated really, but how secure is it? Well, MD5 hashes can be decrypted, but it's a very hard technique. The method of doing it? Brute forcing.

This basically entails encrypting every combination of letters, characters and numbers for variable lengths into an MD5 hash and comparing that to the hash that you're trying to crack.
If you're trying to crack a password which is "pie", you work out the MD5 sums for:

a
b
c
1
2
3
$
£
.... etc ....
aa
ab
.... etc ....
ba
bb
.... etc ....
aaa
aab
.... etc ....
up until:
pie

That's a smeg load of calculations! If the password is longer then it takes even longer! And the time goes up at a truly exponential rate as the password gets longer.
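The search described above, as an added example that is not part of the original post: it hashes every candidate, shortest first, and counts the hashes computed, then prints how the number of candidates grows with length. The alphabet is restricted to lowercase letters and digits (an assumption made so the demo finishes quickly), and the function names are made up for this example.

```python
import hashlib
import string
from itertools import product

# Constructed alphabet for the demo: lowercase letters and digits only.
ALPHABET = string.ascii_lowercase + string.digits


def md5_hex(text):
    """Return the MD5 digest of a string as 32 hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def candidates_up_to(length, alphabet_size=len(ALPHABET)):
    """Number of strings of length 1..length: the worst-case work."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


def brute_force(target_hash, max_length, alphabet=ALPHABET):
    """Hash every candidate, shortest first, until one matches.

    Returns (plaintext, attempts), or (None, attempts) if no string of
    max_length characters or fewer hashes to target_hash.
    """
    attempts = 0
    for length in range(1, max_length + 1):
        for combo in product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if md5_hex(guess) == target_hash:
                return guess, attempts
    return None, attempts


if __name__ == "__main__":
    target = md5_hex("pie")  # the article's example password
    found, attempts = brute_force(target, max_length=3)
    print(f"recovered {found!r} after {attempts:,} hashes")
    # Each extra character multiplies the work by the alphabet size.
    for n in range(1, 9):
        print(f"length <= {n}: {candidates_up_to(n):,} candidates")
```

With 36 symbols, each extra character multiplies the number of candidates by 36, which is the growth the paragraph above describes.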

So that's that, but what else can MD5s be used for?

MD5s can be used as a method of making sure a file is the same on the server as it is when it gets to the client. By storing an MD5 of all the data in a file and giving that to a client, the client can then get a hash of the file. If they are the same, all the data in the file is the same.


Written by Oli on Monday, 01 November 2004. Tagged with security, encryption, md5. Read 4207 times.

#1 — Author comment /* 2 years, 2 months ago */
One thing that makes cracking an MD5 hash easier is having a table of all the hashes available. They use tons of space but make searching for the original string a lot easier.

#2 /* 74 days, 7 hours ago */
Is the hash really unique? If two different text strings can hash to the same string, then there may be several passwords that will yield the same MD5 hash. As a result, lengthening the password beyond a certain point (I believe this is about 8 characters) doesn't improve security because there is some shorter combination that will yield the same hash.
