Can md5 be decrypted?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Can md5 be decrypted?

阿神

Mar 14, 2017 pm 10:47 PM

md5Decrypt

Anyone who has come into contact with md5 knows that md5 cannot be decrypted, but why are there many websites on the Internet claiming to be able to crack MD5? This article will discuss this issue.

First of all, as said on the Internet, there are many cracked versions of md5 that can be reversed, but they are only based on running a dictionary. The so-called dictionary running is to use the md5 encoding of some commonly used words and phrases for comparison. Notice! It's "commonly used"!
If anyone can't understand what commonly used means, let me give you a mathematical example.
Assume that when x=1, y=1, and when x=0, y=0. What is everyone’s first reaction to this function? y=x^n（n>0）or (y-0.5)^2+(x-0.5)^2=(0.5)^2
This is a commonly used function.
Then what is not commonly used? It’s still the same condition as above: y=log2(x+1)
Okay, it’s actually a commonly used function = =, but it’s too troublesome to compile a less commonly used one - Please forgive me for being lazy.
Suddenly I had an idea and thought of a function that is not commonly used: y=∫ (upper limit 1) (lower limit 0) (8x^3+8x^2-16x)dx.

Let’s look at an example:

MD5 processes the input information in 512-bit groups. Each group is divided into 16 32-bit sub-groups. After a series of processing, the output of the algorithm consists of four 32-bit groups. These four 32-bit sub-groups are The group concatenation will produce a 128-bit hash value. In the MD5 algorithm, the information first needs to be processed so that its byte length is 448 after the remainder of 512. Therefore, the byte length of the information will be extended to N*512+448, that is, N*64+56 bytes, where N is a positive integer. The filling method is as follows: fill in a 1 at the end of the information, and then supplement it with 0 until the conditions are met. This result is then appended with a pre-padding information length expressed in 64-bit binary. After these two steps of processing, the direct length of the information changes to N*512+448+64=(N+1)*512, that is, the length is exactly an integer multiple of 512. This is done to meet the information length requirements in subsequent processing.

There are four 32-bit integer parameters called connection variables in MD5, which are:

A=0x01234567；

B=0x89abcdef;

C=0xfedcba98；

D=0x76543210.

There are also 4 processing bit operation functions, they are:

F(X,Y,Z)=(X&Y)|((~X)&Z);

G(X,Y,Z)=(X&Z)|(Y&(~Z));

H(X,Y,Z)=X^Y^Z;

I(X,Y,Z)=Y^(X|(~Z));

Among them, X, Y, Z respectively represent any 32-bit integer. & is the AND operation, | is the OR operation, ~ is the NOT operation, and ^ is the XOR operation [4].

The specific steps are:

First, copy A to the a variable, B to the b variable, C to the c variable, and D to the d variable. Then, four rounds of the main loop are performed, each round performing 16 operations. Each operation performs a nonlinear function operation on three of a, b, c, and d, and then adds the result to the fourth variable, a subgroup of the text, and a constant. Then move the result to the right by an indefinite number, and add one of a, b, c, and d.

From the above example, we can clearly know that md5 is to simplify the text content of any length into a 128-bit hash number. Whether the text content has only one letter a, or a long paper with more than 10,000 words, it is all reduced (or filled) into a 128-bit hash number. This makes cracking almost impossible.

Why do you say that? Still in the example just now, I tell you the result "x=0, when y=0; when x=1, y=1" but I don't tell you (in fact, no one will count how many characters are in the document) what kind of function is this? , is it a log function, a linear function, or a higher-order function? I don’t know, how can I crack it?

Moreover, in fact, in the field of encryption, DES and RSA are the real encryption, while MD5 is more used for document verification and is used to generate keys to detect whether the document has been tampered with.

After seeing this, it should be clear to everyone that md5 cannot be decrypted

Two more good knowledge points:

1.So-called encryption:

Encryption technology is the most commonly used security and confidentiality method. It uses technical means to turn important data into garbled codes (encrypted) for transmission, and then restores (decrypts) it using the same or different means after reaching the destination.
Encryption technology consists of two elements: algorithm and algorithm (which is the step of combining ordinary information or understandable information with a string of numbers) to produce incomprehensible ciphertext. The key is used to encode and decrypt data. an algorithm. In security and confidentiality, the security of network information communication can be ensured through appropriate key encryption technology and management mechanisms.

2.So-called hash:

Hash, generally translated as "hash", and also directly transliterated as "hash", is to convert input of any length (also called pre-mapping, pre-image) into a fixed-length input through a hash algorithm. The output is the hash value. This conversion is a compressed mapping, that is, the space of hash values is usually much smaller than the space of inputs. Different inputs may hash into the same output, and it is impossible to uniquely determine the input value from the hash value.
Simply put, it is a function that compresses a message of any length into a fixed-length information digest.
HASH is mainly used as an encryption algorithm in the field of information security. It converts information of different lengths into a messy 128-bit code, called a HASH value. It can also be said that hash is to find a data content and data storage address. mapping relationship between them.
The application of Hash algorithm in information security is mainly reflected in the following three aspects:
1) File verification
The verification algorithms we are more familiar with include parity check and CRC check. These two Checksums do not have the ability to resist data tampering. They can detect and correct channel errors in data transmission to a certain extent, but they cannot prevent malicious damage to data.
The "digital fingerprint" feature of the MD5 Hash algorithm makes it the most widely used file integrity checksum (Checksum) algorithm. Many Unix systems provide commands for calculating md5 checksum.
2) Digital signature
Hash algorithm is also an important part of modern cryptography system. Because asymmetric algorithms operate slowly, one-way hash functions play an important role in digital signature protocols. Digitally signing a hash value, also known as a "digital digest," can be considered statistically equivalent to digitally signing the file itself. And such an agreement has other advantages.
3) Authentication protocol
The following authentication protocol is also called "challenge-authentication mode: when the transmission channel can be intercepted but cannot be tampered with, this is a simple and Safe method.

The above is the detailed content of Can md5 be decrypted?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between unset() and session_destroy()?May 04, 2025 am 12:19 AM

Thedifferencebetweenunset()andsession_destroy()isthatunset()clearsspecificsessionvariableswhilekeepingthesessionactive,whereassession_destroy()terminatestheentiresession.1)Useunset()toremovespecificsessionvariableswithoutaffectingthesession'soveralls

What is sticky sessions (session affinity) in the context of load balancing?May 04, 2025 am 12:16 AM

Stickysessionsensureuserrequestsareroutedtothesameserverforsessiondataconsistency.1)SessionIdentificationassignsuserstoserversusingcookiesorURLmodifications.2)ConsistentRoutingdirectssubsequentrequeststothesameserver.3)LoadBalancingdistributesnewuser

What are the different session save handlers available in PHP?May 04, 2025 am 12:14 AM

PHPoffersvarioussessionsavehandlers:1)Files:Default,simplebutmaybottleneckonhigh-trafficsites.2)Memcached:High-performance,idealforspeed-criticalapplications.3)Redis:SimilartoMemcached,withaddedpersistence.4)Databases:Offerscontrol,usefulforintegrati

What is a session in PHP, and why are they used?May 04, 2025 am 12:12 AM

Session in PHP is a mechanism for saving user data on the server side to maintain state between multiple requests. Specifically, 1) the session is started by the session_start() function, and data is stored and read through the $_SESSION super global array; 2) the session data is stored in the server's temporary files by default, but can be optimized through database or memory storage; 3) the session can be used to realize user login status tracking and shopping cart management functions; 4) Pay attention to the secure transmission and performance optimization of the session to ensure the security and efficiency of the application.

Explain the lifecycle of a PHP session.May 04, 2025 am 12:04 AM

PHPsessionsstartwithsession_start(),whichgeneratesauniqueIDandcreatesaserverfile;theypersistacrossrequestsandcanbemanuallyendedwithsession_destroy().1)Sessionsbeginwhensession_start()iscalled,creatingauniqueIDandserverfile.2)Theycontinueasdataisloade

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

See all articles