The main goal of MD5 was to hide sensitive data like passwords by encrypting it in a database, so that even if the database is downloaded by someone, there is no way they can get all the passwords directly. The MD5 algorithm has been created especially to not have a reverse function. Why?
MD5 is not an encryption algorithm, it’s a hash function. It’s a one way cryptographic function.
It’s possible to guess what the original string was, by using brute force or rainbow tables, but there is no decryption function.
If you are asking this question, I suppose you need a quick reminder on how the MD5 algorithm works. Also, even if there is no reverse function, I will give you a few solutions to try to decrypt it.
How the MD5 algorithm really works?
Back to the basics
MD5 stands for “Message Digest algorithm 5”.
It’s a hash function that will convert any input (number, string or file from any length) to an output containing 32 hexadecimal characters.
For example, the MD5 hash corresponding to the string “MD5Online” is “d49019c7a78cdaac54250ac56d0eda8a”.
There is no logic in the result, and if you have only the MD5 hash, good luck to find the original value 🙂
Also, two sources can have the same MD5 hash as a result of the MD5 function. There is no uniqueness in this algorithm. Even it’s pretty rare, it may happen.
Create MD5 hashes
As MD5 has been around for a long time, most programming languages and operating systems include a way to generate MD5 hashes.
On Linux, the command md5sum will give you the result for a file. In PHP, there is the md5() function. Etc.
There are also some software you can use to do the same thing. For example, HashCalc is a gret tool for this:
It works for text string and files.
And obviously, you can use the MD5 encryption tool on this website to do this effortlessly.
How can some people “decrypt” MD5 hashes?
“To decrypt a MD5 hash” is not the correct expression as there is no reverse function. Cracking it will be better, but you understand the idea.
An analogy that is often used to illustrated how MD5 works is a recipe of some kind.
Let’s take a healthy smoothie as an example. Someone is offering you a green smoothie:
The ingredients are the equivalent of the original word, and the smoothie is like the MD5 hash.
You have the smoothie but have no idea what’s in it in the one who made it didn’t tell you.
You can guess, maybe there is some spinach? avocado? apples? But you can’t be sure.
That’s the same thing with the MD5 algorithm.
You can try to hash a word, and see if it gives the MD5 hash you are looking for.
If not, try another word, etc.
Obviously, the technology will help you to do this, you’ll not do it one by one for years until finding it.
There are several solutions you can try, that’s what I’ll explain in the last part.
3 solutions you can try
To complete this article, I don’t want to let you down. If you were reading this, it’s probably that you need to “decrypt” something and are looking for solutions. That’s why I will conclude with 3 solutions you can try to crack MD5 hashes.
The first option is to create or download a dictionary. That’s to say a file containing thousands of words that might be the original for your MD5 hash.
For example, you can use the most common words in English, or the most common passwords if your MD5 is a password representation.
Once you have everything in a file, with one word or password per line, you can run a program to hash each one in MD5, and see if there is a match with the MD5 hash you want to crack.
This process has small chances of success, but it might work for easy hashes like basic passwords and numbers.
You can find good word lists on some websites (like Weakpass), and use tools like Hashcat to help you to do this (we’ll get to it in the next part).
Hashcat is a popular tool for hackers, this software is the ultimate toolbox for anything related to MD5 and other algorithms.
Anyway, I already have an article on how to use Hashcat, so I’ll be quick here.
But basically, it will help you for two things:
- There is one mode where you can tell it to use a dictionary file (the word lists from the previous solution), and it will check it against your MD5 hashes list to identify any match. This will be really fast, even for giant word lists, so that’s your best option for this.
- Another mode is the brute-force attack. Everything is explained in the article linked above, but the idea is to try any word in a specific range or mask (ex: all 7 letters words in lowercase). The speed of this will highly depend on your hardware. You need a good graphic card (like this one) to make it faster.
Check the article on the topic (link above) or the official website if you need further information about Hashcat.
MD5Online decryption tool
Last but not least, the best way to decrypt a MD5 hash is to use MD5Online.
It’s like the ultimate solution in this field. We’ll run all the solutions I gave you in background and way more. You just put your MD5 hashes in a form, and we’ll work on it for you.
At the time of writing, we have a success rate over 85% for any hash that is added in our system.
It may take 10s or 2 weeks depending on the hash, but anyway, we often find the original value.