Reversing MD5 using PHP
This php script attempts to reverse the MD5 hash algorithm, its a good example of why you should always use salts when storing password hashs. I've designed the script so that it uses very little memory (the server only has 256mb of ram) relying heavily on a binary search method within a file in what is a space-time trade off.
The result is a fast, low memory (when running it uses just 2mb of memory) script that can check a MD5 hash against a database of about 50,000,000 possibilities thousands of times per second. Give it a go.. It should crack about 20% of passwords (I tested it against a legacy dataset).
Im in the process of building a more comprehensive set of tables for this - once its finished it should be heaps better.
Latest deciphered hashes
| Date | Checksum | Plain text |
|---|
Using salts
Its pretty straight forward to protect against these attacks. You just need to use a salt or nonce when hashing your passwords, its best to have a different one for each password - otherwise a potential attacker could just build a database for your specific set of hashs.