x10Hosting Forums


02-21-2008, 09:42 PM   #1 (permalink)
KentonBomb (x10Hosting Member)
Just how secure is MD5?

I'm asking this question because I have recently written a PHP script to display my Guitar Hero 2 Achievements in a dynamic forum signature (I'm such a geek, lol).

This is the sig:


The thing is, it can be changed with a web-based mini-panel. It requires a password (which is MD5 encrypted), and I want to make sure that it can't be cracked. If it is, people can literally choose what my signature on another forum says. Can you see what the issue could be here?

The forum I use it on, I have around 2500 posts on, so that's a lot of data being transferred. I want to stay in control of what data is transferred, obviously.

So to test it out, I tried my hash against many online decoders. They all failed. Then I tried a bruteforcer, but I didn't have the patience to let it crack my password, so I gave up. Did I do so in error? How secure is MD5 really?

Thanks for any advice given to me, and if this is in the wrong subforum, sorry!

Last edited by KentonBomb; 02-21-2008 at 09:42 PM..

02-21-2008, 10:00 PM   #2 (permalink)
Synkc (Lord Of The Keys)
Re: Just how secure is MD5?

MD5 is a one-way encryption method; it cannot be decrypted.

When people say they have an MD5 decrypted, what they actually have is either an extremely large list of words, whose MD5 value is compared with the supplied MD5 value, or a script that generates every possible combination of characters, and their MD5 value, up to whatever the desired string length; for example: 1, 11, 12, 13 / a, aa, ab, ac -> containing every possible combination, up to say 1000 characters long.


I suggest you use a combination of different encryption schemes; for example, if you're using PHP:

md5(md5(sha1(md5($password))));

At least that way, as long as the "potential hacker" does not know the encryption method you've used, you should never have to worry about unsecured passwords.
__________________
E-mail: synkc[at]x10hosting[dot]com
Hirokima.com

Last edited by Synkc; 02-21-2008 at 10:02 PM..

02-21-2008, 11:21 PM   #3 (permalink)
unmanaged (x10Hosting Member)
Re: Just how secure is MD5?

KentonBomb is correct... You need a little bit of "salt" with your MD5...

Quote:
Because MD5 makes only one pass over the data, if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more reasonable.
Because the current collision-finding techniques allow the preceding hash state to be specified arbitrarily, a collision can be found for any desired prefix; that is, for any given string of characters X, two colliding files can be determined which both begin with X.
All that is required to generate two colliding files is a template file, with a 128-byte block of data aligned on a 64-byte boundary, that can be changed freely by the collision-finding algorithm.
Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.
The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes.[12] This technique is rendered ineffective by the use of a salt.

<snip>



In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. A salt can also be used as a key in a cipher or other cryptographic algorithm. The key derivation function typically uses a hash function. Sometimes the initialization vector, a previously-generated value, is used as a salt.
Salt data complicates dictionary attacks that use pre-encryption of dictionary entries: Each bit of salt used doubles the amount of storage and computation required.
(src: Wikipedia, yeah I know..)
If you want some more in-depth reading jump on over here...

MD5 To Be Considered Harmful Someday:
From Dan Kaminsky, a Senior Security Consultant for Avaya, and a part of the DoxPara Research team...

http://www.doxpara.com/md5_someday.pdf
http://www.doxpara.com/research/md5/...ful-slides.pdf
http://www.doxpara.com/research/md5/confoo.pl

Stach & Liu have some well-documented information on MD4/5 collisions...
http://www.stachliu.com.nyud.net:809...ollisions.html

We live in a world that has too much "security via obscurity" or a "don't ask, don't tell" policy on security problems...

Even back in 2005 MS and Big Bill's Boys banned the use of DES/MD4/MD5 on their projects, but even SHA1 and other systems they have chosen are still looking to be prone to attack.

Peace out from the information overload,
Gavin

__________________
a Protocol of Excessive Candour...
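Added example, not part of the thread: a PHP 7+ sketch contrasting the nested construction from post #2 with the per-password salt described in the text quoted in post #3. The account names and password are constructed, and `password_hash()` is a swapped-in technique (PHP's built-in salted, deliberately slow password hashing), not something the posters proposed.

```php
<?php
// Added example. Account names and the password are constructed sample data.
$users = ['alice' => 'guitarhero2', 'bob' => 'guitarhero2']; // same password twice

// The nested construction from post #2: still deterministic, no per-user input.
function nested_hash(string $pw): string
{
    return md5(md5(sha1(md5($pw))));
}

// Salted MD5 as in the quoted text: a random salt is stored beside the hash.
function salted_md5(string $pw): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $pw)];
}

function check_salted_md5(string $pw, array $rec): bool
{
    return hash_equals($rec['hash'], md5($rec['salt'] . $pw));
}

$plain  = array_map('md5', $users);
$nested = array_map('nested_hash', $users);
$salted = array_map('salted_md5', $users);

// Unsalted (plain or nested): equal passwords produce equal hashes, so one
// precomputed table entry covers every account that shares the password.
var_dump($plain['alice'] === $plain['bob']);
var_dump($nested['alice'] === $nested['bob']);

// Salted: the two stored hashes differ, and verification still succeeds.
var_dump($salted['alice']['hash'] === $salted['bob']['hash']);
var_dump(check_salted_md5('guitarhero2', $salted['alice']));

// A salt alone does not slow guessing against one hash, because MD5 is fast.
// password_hash() (PHP 5.5+) generates its own salt and uses a deliberately
// slow algorithm; salt and cost are encoded in the string it returns.
$stored = password_hash('guitarhero2', PASSWORD_DEFAULT);
var_dump(password_verify('guitarhero2', $stored));
var_dump(password_verify('wrong-guess', $stored));
```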

02-22-2008, 01:47 AM   #4 (permalink)
justvudo (x10Hosting Member)
Re: Just how secure is MD5?

I'm a hacker, but I do not do those things anymore... And yes, IT CAN be decrypted! I can get your forum's password right now and it will bring me back an MD5 code. And there are tools on the world wide web that can also decrypt it, so yeah... You can give me an MD5 code now and I'll crack it.

02-22-2008, 02:08 AM   #5 (permalink)
Fahad (Guest)
Re: Just how secure is MD5?

MD5 Decryptor - Upload your hash, and the servers will decrypt it in around 45 minutes.

02-22-2008, 02:32 AM   #6 (permalink)
unmanaged (x10Hosting Member)
Re: Just how secure is MD5?

Here's a little bit of what the last post referred to...

http://www.memestreams.net/thread/bid36448/

Hope it helps
__________________
a Protocol of Excessive Candour...