有人告诉我,他见过这样的软件系统:

从其他系统检索MD5加密密码; 解密加密的密码和 使用系统自己的算法将密码存储在系统的数据库中。

这可能吗?我认为解密MD5哈希是不可能/可行的。

我知道有MD5字典,但是有真正的解密算法吗?


当前回答

MD5是一个加密(单向)哈希函数,因此没有直接的方法来解码它。加密哈希函数的全部目的就是你不能撤销它。

您可以做的一件事是使用蛮力策略,即猜测哈希了什么,然后使用相同的函数哈希它,看看它是否匹配。除非散列数据非常容易猜测,否则可能需要很长时间。

其他回答

不直接。由于鸽子洞原理,有(可能)不止一个值散列到任何给定的MD5输出。因此,你不能肯定地扭转它。此外,MD5是为了使查找任何这样的反向哈希变得困难(然而,已经有产生冲突的攻击-也就是说,产生两个哈希到相同结果的值,但您无法控制最终的MD5值是什么)。

但是,如果将搜索空间限制为长度小于N的普通密码,则可能不再具有不可逆性属性(因为MD5输出的数量远远大于感兴趣域中的字符串数量)。然后,您可以使用彩虹表或类似的反向哈希。

不。MD5不是加密(尽管它可能被用作一些加密算法的一部分),它是一个单向哈希函数。作为转换的一部分,大部分原始数据实际上“丢失”了。

Think about this: An MD5 is always 128 bits long. That means that there are 2128 possible MD5 hashes. That is a reasonably large number, and yet it is most definitely finite. And yet, there are an infinite number of possible inputs to a given hash function (and most of them contain more than 128 bits, or a measly 16 bytes). So there are actually an infinite number of possibilities for data that would hash to the same value. The thing that makes hashes interesting is that it is incredibly difficult to find two pieces of data that hash to the same value, and the chances of it happening by accident are almost 0.

A simple example for a (very insecure) hash function (and this illustrates the general idea of it being one-way) would be to take all of the bits of a piece of data, and treat it as a large number. Next, perform integer division using some large (probably prime) number n and take the remainder (see: Modulus). You will be left with some number between 0 and n. If you were to perform the same calculation again (any time, on any computer, anywhere), using the exact same string, it will come up with the same value. And yet, there is no way to find out what the original value was, since there are an infinite number of numbers that have that exact remainder, when divided by n.

That said, MD5 has been found to have some weaknesses, such that with some complex mathematics, it may be possible to find a collision without trying out 2128 possible input strings. And the fact that most passwords are short, and people often use common values (like "password" or "secret") means that in some cases, you can make a reasonably good guess at someone's password by Googling for the hash or using a Rainbow table. That is one reason why you should always "salt" hashed passwords, so that two identical values, when hashed, will not hash to the same value.

一旦一段数据通过哈希函数运行,就没有回头路了。

不可能,至少在合理的时间内是不可能的。

通常的处理方式是密码“重置”。也就是说,你给他们一个新的(随机的)密码,并在电子邮件中发送给他们。

MD5是一种哈希算法,不能还原哈希值。

您应该添加“更改密码功能”,用户提供另一个密码,计算散列并将其存储为新密码。

要做到这一点并不容易。这就是首先对密码进行哈希的意义。:)

你应该做的一件事是手动为他们设置一个临时密码,并将其发送给他们。

我不愿提及这一点,因为这是一个坏主意(而且也不能保证一定有效),但您可以尝试在彩虹表(如milw0rm)中查找散列,看看是否可以通过这种方式恢复旧密码。