不，不可能反转诸如MD5这样的哈希函数:给定输出哈希值，除非已知关于输入消息的足够信息，否则不可能找到输入消息。

解密不是为哈希函数定义的函数;加密和解密是CBC模式下AES等密码的功能;哈希函数不加密也不解密。哈希函数用于摘要输入消息。顾名思义，没有反向算法可以设计。

MD5 has been designed as a cryptographically secure, one-way hash function. It is now easy to generate collisions for MD5 - even if a large part of the input message is pre-determined. So MD5 is officially broken and MD5 should not be considered a cryptographically secure hash anymore. It is however still impossible to find an input message that leads to a hash value: find X when only H(X) is known (and X doesn't have a pre-computed structure with at least one 128 byte block of precomputed data). There are no known pre-image attacks against MD5.

It is generally also possible to guess passwords using brute force or (augmented) dictionary attacks, to compare databases or to try and find password hashes in so called rainbow tables. If a match is found then it is computationally certain that the input has been found. Hash functions are also secure against collision attacks: finding X' so that H(X') = H(X) given H(X). So if an X is found it is computationally certain that it was indeed the input message. Otherwise you would have performed a collision attack after all. Rainbow tables can be used to speed up the attacks and there are specialized internet resources out there that will help you find a password given a specific hash.

It is of course possible to re-use the hash value H(X) to verify passwords that were generated on other systems. The only thing that the receiving system has to do is to store the result of a deterministic function F that takes H(X) as input. When X is given to the system then H(X) and therefore F can be recalculated and the results can be compared. In other words, it is not required to decrypt the hash value to just verify that a password is correct, and you can still store the hash as a different value.

重要的是使用密码哈希或PBKDF(基于密码的密钥派生函数)来代替MD5。这样的函数指定如何将盐和散列一起使用。这样就不会为相同的密码(来自其他用户或其他数据库)生成相同的散列。由于这个原因，密码哈希也不允许使用彩虹表，只要盐足够大并且正确随机。

Password hashes also contain a work factor (sometimes configured using an iteration count) that can significantly slow down attacks that try to find the password given the salt and hash value. This is important as the database with salts and hash values could be stolen. Finally, the password hash may also be memory-hard so that a significant amount of memory is required to calculate the hash. This makes it impossible to use special hardware (GPU's, ASIC's, FPGA's etc.) to allow an attacker to speed up the search. Other inputs or configuration options such as a pepper or the amount of parallelization may also be available to a password hash.

然而，它仍然允许任何人验证给定H(X)的密码，即使H(X)是密码哈希。密码哈希仍然是确定的，所以如果有人知道所有的输入和哈希算法本身，那么X可以用来计算H(X)，并且-再说一次-结果可以进行比较。

常用的密码散列有bcrypt、scrypt和PBKDF2。还有各种形式的Argon2，它是最近密码哈希竞赛的赢家。在CrackStation上有一篇很好的关于密码安全的博文。

可以使对手无法执行哈希计算来验证密码是否正确。为此，可以使用胡椒作为密码散列的输入。或者，哈希值当然可以使用AES等密码和CBC或GCM等操作模式进行加密。然而，这需要独立存储秘密/密钥，并且比密码哈希有更高的访问要求。

不，这是不可能的。您可以使用字典，也可以尝试散列不同的值，直到获得您正在寻找的散列。但它无法被“解密”。

理论上，对哈希值进行解密是不可能的，但您可以使用一些肮脏的技术来获取原始的纯文本。

Bruteforcing: All computer security algorithm suffer bruteforcing. Based on this idea today's GPU employ the idea of parallel programming using which it can get back the plain text by massively bruteforcing it using any graphics processor. This tool hashcat does this job. Last time I checked the cuda version of it, I was able to bruteforce a 7 letter long character within six minutes. Internet search: Just copy and paste the hash on Google and see If you can find the corresponding plaintext there. This is not a solution when you are pentesting something but it is definitely worth a try. Some websites maintain the hash for almost all the words in the dictionary.

不，你不能解密/反向md5，因为它是一个单向哈希函数，直到你不能在md5中发现广泛的漏洞。 另一种方法是有一些网站有大量的密码集数据库，所以你可以尝试在线解码你的MD5或SHA1哈希字符串。 我尝试了http://www.mycodemyway.com/encrypt-and-decrypt/md5这样的网站，它对我来说工作得很好，但这完全取决于你的哈希，如果哈希存储在数据库中，那么你可以得到实际的字符串。

无法恢复md5密码。(任何语言)

但是你可以:

给用户一个新的。

找个彩虹表，也许能找回旧的。

从技术上讲，这是“可能的”，但在非常严格的条件下(彩虹表，基于用户密码在哈希数据库中的可能性非常小的暴力强制)。

但这并不意味着它是

可行的 或 安全

你不想“反转”一个MD5哈希。使用下面列出的方法，您将永远不需要。“逆转”MD5实际上被认为是恶意的——一些网站提供了“破解”和暴力破解MD5哈希的能力——但它们都是包含字典单词、以前提交的密码和其他单词的庞大数据库。有一个非常小的机会，它将有你需要反向的MD5哈希。如果你已经咸MD5哈希-这也不会工作!：）

使用MD5哈希的登录方式应该是: 在注册过程中: 用户创建密码->密码使用数据库存储的MD5 ->哈希值进行哈希

在登录: 用户输入用户名和密码->(用户名选中)密码使用MD5哈希->哈希与数据库中存储的哈希进行比较

当需要“丢失密码”时: 2个选择:

用户发送一个随机密码来登录，然后在第一次登录时修改它。

or

用户会被发送一个链接来更改他们的密码(如果你有安全问题/等等)，然后新密码被散列，并用数据库中的旧密码替换