What's MD5 Encryption all about?

We've just started using MD5 encryption to secure logins to great effect. Before the password was sent as plaintext - the actual password - and so if there were a sniffer on the network they could detect the password and login as that person - Not anymore. MD5 encryption is all very good. You trust

What is MD5

MD5 is a one way only encryption method. What is does is calculate a hash (a hex number) which is unique to a set of data.

So how does this help at all? Well if you have a password, and your real password is stored on a server: the password gets encrypted into a md5 hash. That hash is sent across the network. The password on the server is then made into a md5 hash and if they wre the same then the password sent is the same as the one on the server. Tada...

Cracking MD5 Hashes

Not very complicated really but how secure is it? Well MD5 hashes can be decrypted but its a very hard technique. The method of doing it? Brute forcing.

This basically entails encrypting every combination of letters, characters and numbers for variable lengths into a MD5 hash and comparing that to the hash that you're trying to crack.
If you're trying to crack a password which is "pie" you work out the MD5 sums for:

a
b
c
1
2
3
$
£
.... etc ....
aa
ab
.... etc ....
ba
bb
.... etc ....
aaa
aab
.... etc ....
up until:
pie

That's a smeg load of calculations! if the password is longer then it takes even longer! And the time goes up at a truely exponential rate as the password gets longer.

So that's that but what else can and are MD5's used for?

MD5s can be used a method of making sure a file is the same on the server as it is when it gets to the client. By storing a md5 of all the data in a file and giving that to a client the client can then get a hash on the file. If they are the same all the data in the file is the same.

#1 — Author comment /* 4 years, 10 months ago */

One thing that makes cracking a MD5 hash easier is having a table of all the hashes available. They use tons of space but makes searching for the original string a lot easier.

Quote Site Profile

Oli Numero Uno

#2 /* 2 years, 10 months ago */

Is the hash really unique? If two different text strings can hash to the same string, then there may be several passwords that will yield the same MD5 hash. AS a result, lengthening the password beyond a certain pont (I believe this is about 8 characters) doesn't improve security because there is some shorter combination that will yield the same hash.

Quote

Dan Woodard Anonymous User

#3 /* 16 months, 19 days ago */

i am not a lemon

Quote

cccc Anonymous User

#4 /* 15 months, 1 day ago */

Is the hash really unique? If two different text strings can hash to the same string, then there may be several passwords that will yield the same MD5 hash. AS a result, lengthening the password beyond a certain pont (I believe this is about 8 characters) doesn't improve security because there is some shorter combination that will yield the same hash.

could you elaborate on the bit where you mentioned "after a certain point......yield same hash as the shorter one" please?
and give an example?
thanks

.,;';"pav";';,.

Quote

Pavan Anonymous User

#5 /* 15 months, 1 day ago */

Is the hash really unique? If two different text strings can hash to the same string, then there may be several passwords that will yield the same MD5 hash. AS a result, lengthening the password beyond a certain pont (I believe this is about 8 characters) doesn't improve security because there is some shorter combination that will yield the same hash.

could you elaborate on the bit where you mentioned "after a certain point......yield same hash as the shorter one" please?
and give an example?
thanks

.,;';"pav";';,.

Quote

Pavan Anonymous User

#6 /* 11 months, 14 days ago */

Guilty as a lemon.

Quote