Hash Decryption Free. Hash decryption: the simplest methods Hash decryption

It happens that you forget the code from the front door, and you stand, waiting for someone who has a better memory than yours. Although scientists have the best memory. They still remember those times when they burned their heels with a red-hot iron for new knowledge. Otherwise, they would not have come up with such a terrible thing as MD5 decryption. And before that, they also managed to encrypt it!

What is MD5?

MD5 is one of the 128-bit based hashing algorithms. Hashing is understood as the transformation of input data according to a certain algorithm into a bit string of a certain length. In this case, the result obtained during the calculations is presented in the hexadecimal system. It is called hash, hash sum or hash code.

The hashing process is widely used in programming and the web industry. Mainly for creating unique values ​​in associative arrays, identifiers.

Scope of hash codes:

• Creation of electronic signatures;
• Storing passwords in databases of security systems;
• Within the framework of modern cryptography to generate unique keys online;
• Checking the authenticity and integrity of the elements of the PC file system.

MD5 as a hashing standard was developed in 1991 to create a unique hash code from a given value and then verify its authenticity.

The md5sum utility, designed to hash the data of a given file using the MD5 algorithm, returns a string. It consists of 32 hexadecimal numbers (016f8e458c8f89ef75fa7a78265a0025).

That is, the hash received from the function, which is based on this algorithm, produces a string of 16 bytes (128) bits. And this string includes 16 hexadecimal numbers. In this case, changing at least one of its characters will lead to a subsequent irreversible change in the values ​​of all other bits of the string:

MD5 Reliability Issues

It would seem that such a characteristic of MD5 should provide a 100% guarantee of invulnerability and data preservation. But even this was not enough. In the course of ongoing research, scientists have identified a number of gaps and vulnerabilities in this algorithm, which was already common at that time. The main reason for the weak security of MD5 is the relatively easy detection of collisions in encryption.

Collision is understood as the possibility of obtaining the same result of hash function calculations with different input values.

Simply put, the greater the probability of finding collisions, the lower the reliability of the algorithm used. The probability of finding collisions when encrypted with more reliable hash functions is practically reduced to 0.

That is, the high probability of decrypting MD5 passwords is the main reason for not using this algorithm. Many cryptologists ( data encryption experts) associate the low reliability of MD5 with the short length of the resulting hash code.

Scope of the hashing algorithm:

• Checking the integrity of files received via the Internet - many software installation packages are equipped with a hash code. During application activation, its value is compared with the value located in the developer's database;
• Search for duplicated files in the file system - each file has its own hash code. A special application scans the computer's file system, comparing the hashes of all elements. When a match is found, the utility notifies the user or removes the duplicate. One such program is Duplifinder:

• For password hashing - in the UNIX family of operating systems, each user of the system has his own unique password, which is protected by hashing based on MD5. Some Linux-based systems also use this password encryption method.

An overview of tools for decoding an MD5 hash code

Sometimes, when working with a computer or corrupted databases, it is necessary to decode a hash value encrypted with MD5.

It is most convenient to use specialized resources that provide the ability to do this online:

• md5.web-max.ca - this service has a simple and intuitive interface. To get the decoded value, you need to enter the hash and fill in the verification captcha field:

• md5decrypter.com is a similar service;
• msurf.ru - this resource has a simple Russian-language interface. Its functionality allows not only to decrypt hash code values, but also to create them:

If you look at the decoding values ​​displayed in the above figure, it becomes clear that the decoding process gives almost no results. These resources are one or more interconnected databases, which contain transcripts of the simplest words.

At the same time, the decoding data of the MD5 hash of even such a common part of the password as "admin" was found in only one database. Therefore, password hashes consisting of more complex and longer combinations of characters are almost impossible to decipher.

Creating an MD5 hash is a one-way process. Therefore, it does not imply reverse decoding of the original value.

Security basics when using MD5

This coding standard is one of the most common data protection methods not only in application but also in web programming. Therefore, it will not be superfluous to secure your md5 hash from intentional hacking.

The main way to ensure the security of your password hash is to use a "salt". It is based on adding a few random characters to the password and then hashing the result.

Many programming languages ​​use special classes and functions for this. Server-side programming languages ​​are no exception to the rule.

You can create an MD5 hash code in php using several functions:

• md5 () - as one of the parameters takes the value of "salt";
• crypt() - unlike the previous one, this function completely automates the whole process, including the generation of the salt value.

Its syntax is:

string crypt (string $str [, string $salt ])

Usage example:

$hash = crypto("password")

When using the md5() function in PHP, random number generation methods are used to set the salt value. For example rand() :

In addition to using "salt", several more methods have been developed to protect the MD5 hash.

cmd5.ru is one of the oldest hash decryption services that has existed since 2006. Service benefits:

• a unique database, unparalleled in volume - 4800 billion records;
• a huge number of supported types of hashes for enumeration;
• possibility of group processing of hashes;
• the presence of a software client to access the service.

In addition to free access to the service, there is an extended paid service package. Should I pay for decryption? Definitely yes, especially in cases where no other service can crack your password, or you are decrypting hashes on an ongoing basis, especially since the rates are quite democratic. From my own experience, I can say that this is the most effective service, so it takes an honorable first place.

hash types:

• md5(md5($pass))
• sha256
• mysql
• mysql5
• md5($pass.$salt);Joomla
• md5($salt.$pass);osCommerce
• md5(md5($pass).$salt);Vbulletin;IceBB;Discuz
• md5(md5($salt).$pass)
• md5($salt.$pass.$salt);TBDev
• md5($salt.md5($pass))
• md5(md5($pass).md5($salt))
• md5(md5($salt).md5($pass));ipb;mybb
• sha1($salt.$pass)
• sha1(lower($username).$pass);SMF
• sha1(upper($username).":'.upper($pass));ManGOS
• sha1($username.":'.$pass)
• sha1(salt.pass.'UltimateArena')
• MD5(Unix);phpBB3;WordPress
• Des(unix)
• mssql
• md5(unicode)
• serv-u
• radminv2.x

free | 329M+48G | md5 | dic

The service gives good results, as it uses third-party services in addition to its own local database. Allows you to send an unlimited number of passwords for decryption, there is an API.

free | 36g | md5 lm ntlm sha1 | rainbow tables

After a long offline, the TMTO (Time-Memory Trade Off Cracking) project has become available again. The base has become even larger, new algorithms have appeared, the service remains free, as before. I am pleased with the high speed of decryption due to the constant growth of the cluster. You can send an unlimited number of hashes for decryption at one time.

free & auth | 3M | md5 mysql mysql5 sha1 | dic rainbow tables

Hashcracking.ru is still in service, it allows you to search for mysql and mysql5 passwords, brute force by mask, it is possible to search through a dictionary with salt.

Although modern computer users are much more advanced than the first users of old systems, not everyone knows what it is and why decrypting a hash is needed (including online). As it turns out, everything is much simpler than it might seem at first glance.

What is hash encryption?

Based on the official definition, a hash is a fixed-length string that corresponds to some data (including confidential data) in encrypted form.

This technique will be applied mainly to logins and passwords using the MD5, NTLM, SHA-160 algorithms and derivatives based on them. The most common is the MD5 algorithm. Data encrypted with it, especially long passwords containing not only letters and numbers, but also special characters, is hopeless to decrypt using the standard selection method (although some programs and online services can decrypt short passwords).

Why decrypt the hash

Many users may quite naturally wonder how necessary all this is. However, the mistake of this approach is that they do not understand that they can forget the password they are looking for for some service, service or program after encryption, so that no unauthorized person can find it out, so to speak, in its pure form.

Recovering a password or login is sometimes impossible. And if you look at the basics of cryptography, this is where the decryption of the hash is required. In fact, this procedure is a reconstruction of the original combination from the modified data.

This process is quite laborious. For example, for the word “person”, the combination encrypted using the MD5 algorithm looks like. And that's just seven letters in the original word. What can we say about longer passwords containing numbers or special characters, and even case-sensitive ones! However, some applications and online services containing huge databases of most possible combinations can decrypt. Not always, however, successfully (everything depends on the initial combination), but in most cases you cannot refuse their effectiveness, although they use the brute force technique (brute force).

Program to decrypt password hash

One of the most powerful programs is considered to be the online application Hash Killer ("Hash Killer") from British programmers. Its database contains about 43.7 million known combinations of pairs.

The only drawback is that passwords containing Cyrillic characters are displayed incorrectly in the default encoding. But, as it is believed, the decryption of the hash in Latin is done instantly. According to statistics, the approximate time to decrypt three out of five simple passwords is half a second.

In addition, all kinds of contests are constantly held on the official resource of developers with the involvement of everyone. And they, in turn, as it turns out, are sometimes capable of producing rather unconventional solutions.

No less interesting is the decryption of the hash using the John The Ripper utility. It works quite fast, but the main drawback is that all the functions of the program can be used exclusively from the command line, which simply scares away many users.

Online decryption services

In principle, in order not to install software, you can also use online services to decrypt NT hashes of passwords or data of any other type.

These online resources are not always free. In addition, many of them contain not as large databases as we would like. But algorithms like MD5 or encryption using MySQL are mostly easy to recreate. In particular, this applies to the simplest combinations consisting of numbers.

But you should not deceive yourself, since such services do not always determine the decryption method automatically. That is, if encryption was performed using the base64 encode algorithm, the user must set the corresponding decode parameter himself. In addition, do not forget that there may be cases with unknown encoding, when decrypting the hash online becomes impossible at all.

Instead of an afterword

What is the best solution, it is difficult to say. Some users advise installing the Stirlitz application, which is mainly designed to decrypt passwords consisting of Cyrillic characters based on the binhex, base64, BtoA, xxencode, uuencode, etc. algorithms. But even in this case, a complete guarantee of success cannot be given.

Finally, before decoding, you should first pay attention to the combination itself. If it looks like unreadable characters, decryption may not be required (you just need to change the encoding). Otherwise, if such actions are really needed, it is better to resort to the help of the special utilities described above, and not to use Internet resources that offer online hash decryption.

• free access
• dictionary size
• supported hash types
• the presence of detailed cryptanalysis (for example, using Rainbow tables)

Updated 10/17/2019

1. cmd5.ru
   cmd5.ru is one of the oldest hash decryption services that has existed since 2006. Service benefits:
   • a unique database, unparalleled in volume - 4800 billion records;
   • a huge number of supported types of hashes for enumeration;
   • possibility of group processing of hashes;
   • the presence of a software client to access the service.

   In addition to free access to the service, there is an extended paid service package. Should I pay for decryption? Definitely yes, especially in cases where no other service can crack your password, or you are decrypting hashes on an ongoing basis, especially since the rates are quite democratic. From my own experience, I can say that this is the most effective service, so it takes an honorable first place.

   hash types:

   • md5(md5($pass))
   • sha256
   • mysql
   • mysql5
   • md5($pass.$salt);Joomla
   • md5($salt.$pass);osCommerce
   • md5(md5($pass).$salt);Vbulletin;IceBB;Discuz
   • md5(md5($salt).$pass)
   • md5($salt.$pass.$salt);TBDev
   • md5($salt.md5($pass))
   • md5(md5($pass).md5($salt))
   • md5(md5($salt).md5($pass));ipb;mybb
   • sha1($salt.$pass)
   • sha1(lower($username).$pass);SMF
   • sha1(upper($username).':'.upper($pass));ManGOS
   • sha1($username.':'.$pass)
   • sha1(salt.pass.'UltimateArena')
   • MD5(Unix);phpBB3;WordPress
   • Des(unix)
   • mssql
   • md5(unicode)
   • serv-u
   • radminv2.x

2. xsrc.ru
   free + paid | 100G | wpa pmkid | dictionary crowd

   xsrc.ru is an excellent service for selecting WPA handshakes, it is possible to purchase selected passwords from authorized members of the service with their own hash guessing capabilities for a small fee.

3. crackstation.net
   free | 190G | LM NTLM md2 md4 md5 md5(md5) md5-half sha1 sha1(sha1_bin()) sha224 sha256 sha384 sha512 ripeMD160 whirlpool MySQL 4.1+ | dic

   The description of the service states that the database includes all words from Wikipedia, as well as all public dictionaries that the author was able to find on the Internet. The dictionary used by the service is available for download. In addition, the twitter bot works @plzcrack.

4. md5.darkbyte.ru
   free | 329M+48G | md5 | dic

   The service gives good results, as it uses third-party services in addition to its own local database. Allows you to send an unlimited number of passwords for decryption, there is an API.

5. tmto.org
   free | 36g | md5 lm ntlm sha1 | rainbow tables

   After a long offline, the TMTO (Time-Memory Trade Off Cracking) project has become available again. The base has become even larger, new algorithms have appeared, the service remains free, as before. I am pleased with the high speed of decryption due to the constant growth of the cluster. You can send an unlimited number of hashes for decryption at one time.

6. hashcracking.com
   free & auth | 3M | md5 mysql mysql5 sha1 | dic rainbow tables

   hashcracking.ru is still in service, it allows you to search for mysql and mysql5 passwords, brute force by mask, it is possible to search through a dictionary with salt.

7. www.md5decrypter.co.uk
   free | 8.7G | md5 | dic

   Good free service with a decent base. You can send 12 md5 hashes for processing at a time. Among the minuses, it can be noted that only a dictionary check from the found passwords is used.

MD5 is a kind of, it appeared quite a long time ago, back in 1991. It stands for Message-Digest algorithm, it was created by Professor Rivest R. L. The essence of his work is that with its help, any information is encrypted according to the 128-bit hash format, which is the checksum of certain data. At the same time, counterfeiting such an amount is a very complicated process. As a rule, this mechanism is used to verify the authenticity of data that is transmitted already encrypted. The tool presented here gives you the ability to quickly and without much knowledge encrypt absolutely any text. The operation of this tool is based on the same. You just need to paste the text into the field and click the button, as a result you will get the hash sum of your text. Using our service, you can encrypt any information that has a text expression. It can be absolutely any texts, correspondence, passwords and so on. The undoubted advantage is that this algorithm cannot be decrypted, since the developer simply did not provide such a function. Therefore, it is safe to say that such a method can really secure your information very well.

Where else can the MD5 algorithm be used?

There is an opinion that the use of this algorithm allows you to create fairly secure identifiers for pieces of information. This feature has been widely used in various fields. For example, by comparing MD5 sums of files, it becomes possible to search for duplicate files on a computer. In this case, the contents of the files themselves are not used, the sum is simply checked. A striking example of this use of this algorithm is the dupliFinder program, which was very common both in Windows and under Linux. In addition, the MD5 algorithm is often used to check the integrity of downloaded files from the Internet. It works very simply. A person who places a link to download his file on the Internet, in the description, attaches the MD5 amount of this file. And the person who downloads it checks whether the declared amount matches the one he received after downloading.

Previously, many Linux-based operating systems used this algorithm to store user passwords in encrypted form. Thus, it turned out that only the user himself knew the password, and the system checked it against the MD5 sum. Although many new encryption methods have now appeared, this one is still used in many systems. The same method is used by our text tool. Most security experts agree that a password that is encrypted using the MD5 algorithm cannot be decrypted in any way. And there is only one way to hack it - through the usual enumeration of words.