Decrypt MD5 Encrypted Password in a Minute and Secure

password security md5MD5 is most popular hash password encryption and using by  top most companies and CMS,

Ex- WordPress, Magento, Opencart etc.

Every small developer like me start their work with MD5 encryption, because our teachers, colleges and some other direct or indirect people who instruct during learning recommend to use MD5 because it's impossible to crack.

If 'Yes' then 'Ok', If 'Not' then 'Ok'... Actually it's not impossible but almost impossible.

Why MD5 Encryption Almost Impossible To Crack but not Impossible ?

Sometime readers ask me a common question "Why you are creating confusion ?". Actually every Blogger having their own way to write article try to make their words more friendly, and I'm realize my current learning stage so try to make article simple as I can.

First we should know what is MD5 Encryption: MD5 implies a 128-bit encryption calculation, producing a 32-character hexadecimal hash, whatever the captcha. This calculation is not reversible, ie it is typically difficult to locate the original word from the MD5 hash.

I will answer 2nd question after cracking a WordPress MD5 Password

I just install a WordPress on my localhost after that I goto PhpMyAdmin and lookup WordPress database, after that reveal users data from wp_users table, and set password for admin account which I forgot.

Cracking MD5 Secured Password

I think you know well this steps, when we forget WordPress admin password it can be reset from PhpMyAdmin

(For This Article Click Here !).

Step 1- Set new password for WordPress admin account. (Choose MD5 encryption because WordPress store password in MD5 Hash only)

Step 2- Copy MD5 encrypted value and goto http://www.md5online.org/

Step 3- Enter MD5 key and captcha and hit Decrypt.

Step 4- You will get real code with hash, it's cracked !

Now what you will do to secure your MD5 password and avoid simple cracking or hacking, let's read down.

How to bullet secure MD5 Encryption:

As above procedure I repeat process but now I done a small changes, I tried to confirm security level of MD5.

I again reset password but now game is change, password is no easy as above. I add Capital letter, number & special characters.

After that again goto md5online.org and fill all details as required and hit to Decrypt. 

Secure MD5 Encryption

Now sound like charm !, trust stability remains constant with MD5, means low secured password can easily Decrypt.

Reality behind MD5 Decryption, Alternative and Fact:

The best decision is to NOT utilize passwords alone any longer by any stretch of the imagination. Choose if login is truly required for your site, and on the off chance that it is, attempt to utilize a third gathering supplier first. On the off chance that that is impossible consider a secret key + token from RSA. Just utilize a secret key alone in the event that you have no other suitable choices.

At the point when hashing a secret word the key is to hash(password + salt) and the salt should be unique per client, and also difficult to guess. Utilizing the Username meets the first criteria and is superior to anything no salt or the same salt for every client. Furthermore, you would be shrewd to let the inquiry itself do the hashing. Moderate? Yes, and that is ALSO something to be thankful for.

 

 

Himanshu is a young engineer living in India. Currently working at Cognizant as a Senior Engineer. He is an ethical hacker & blogger too, doing lots of crazy stuff... If you seem interesting, go through his portfolio: www.himstar.info : "Open Source. Millions of open minds can't be wrong!

11 comments: On Decrypt MD5 Encrypted Password in a Minute and Secure

  • Hi Himanshu Dhiraj Mishra (Himstar),

    I think MD5 is no longer used for encrypting password coz there are many other methods available to encrypt your password you can use hash('sha512' 'password') and use a specified string length from it. this all depends upon you how develop your programming logic.

  • German Enrique Sanchez Quintero

    All pass already save in a dictionary ... Try again with a password like this : $347@jsglka123 ... This will take long time ... 

  • Goce Bogdanovski

    Md5 is shity encryption, and php too.

  • Isn't this just an MD5 hash lookup? Websites doing this have been around for about 10 years. It isn't decrypting it - it's comparing it to a list of known hashes for unsalted MD5 strings. It's completely useless against salted hashes or even hashes of unknown string combinations - like passwords should be.

  • If your using WordPress you should also have Google authenticator integration enabled. This way even if they break the password and salt there is a second step. https://wordpress.org/plugins/wp-google-authenticator/

  • Ben Scholzen (DASPRiD)

    +WebSystem
    Rather just use bcrypt.

  • +Martin Zeitler Actually, it looks like they are simply creating a huge lookup table for hash codes... 

  • Try this
    For(i=0;i

  • MD5 is a hashing algorithm ...this means, there can be several matching decrypted versions (the "decryption" is most likely performed via rainbow tables, instead some kind of reverse calculation, I'd assume).

  • Just use bcrypt, it's pretty much the industry-standard by now.

  • With a random key added to the password before hasing

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Site Footer

Sliding Sidebar

We are India’s largest Startup Community


We are team of ' Delhi Startups ' , most active startup community with strict spam policy.
We are making !deas happen..for future, business and jobs without charging anything, with connecting entrepreneurs.. It's a reason to trust on us.
Come and join or subscribe, we will defiantly give a reason to like us.

Our Facebook Page