MD5 is a commonly used algorithm to “encrypt” passwords and store them in electronic systems for later checks of the entered password of the user. Now the MD5 algorithm has been reportedly vulnerable to security flaws. But exploiting these flaws takes an disproportional amount of computing power. This power is usually not available to security researchers or users who want to recover their password which is stored in hashed data storage. This article tells you how to crack MD5 passwords in a more convenient way!
Taking the one-way street: how to calculate MD5 digests
First, some theory: actually a MD5 password is not encrypted but converted to a so called message digest. But what is a message digest? And how to calculate it? The digest ist the outcome of a so called cryptographic hash function, such as MD5:
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will almost certainly change the hash value. In many contexts, especially telecommunications, the data to be encoded is often called the “message”, and the hash value is also called the message digest or simply digest.
For a more scientifical description see this post by the RSA labs.
You can convert messages to MD5 digests using the MD5 encoder of the mainframe8 network. It provides a browser integration, so that you can encode directly from the search lookup field of the browser (Internet Explorer, Mozilla Firefox and Google Chrome are supported). This is a great time-saving feature!
Now for the fun part: cracking a MD5 password
There is a variety of services that help you reconstruct the original message that lead to the digest. Most of them follow the “Time-Memory Trade Off” or informally called “Rainbow table” approach. Rainbow tables, you ask?
Project RainbowCrack explains it well:
The straightforward way to crack hash is brute force. In brute force approach, all candidate plaintexts and corresponding hashes are computed one by one. The computed hashes are compared with the target hash. If one of them matches, the plaintext is found. Otherwise the process continues until finish searching all candidate plaintexts.
In time-memory tradeoff approach, the task of hash computing is done in advance with the results stored in files called “rainbow table”. After that, hashes can be looked up from the rainbow tables whenever needed. The pre-computation process needs several times the effort of full key space brute force. But once the one time pre-computation is complete, the table lookup performance can be hundreds or thousands times faster than brute force.
The most successful tools to crack digests use rainbow table lookups. Project RainbowCrack has benchmarks available.
Cracking MD5 hashes using web services
So, here is the close-to-complete list of publicly available MD5 password crackers. All have been tested by me and sorted by the outcome of a statistical approach. The number in the brackets state how many hashes have been cracked out of 10.
Warning: most of the websites below provide a tool to generate MD5 hashes as well. But beware, some of these tools insert the generated hash into their rainbow table. So your generated digest will be instantly crackable by using this website! Instead you should use this MD5 encoder that never saves your inserted data nor the generated hash.
- (5/10) www.tmto.org – Searches several databases. Seems to have a large amount of data. My tests have proven this service as quite reliable. Fast.
- (5/10) md5.noisette.ch – meta-search, works well
- (4/10) md5decryption.com
- (4/10) www.c0llision.net – distributed approach. Usable via web and IRC. Free open slots are rare.
- (4/10) www.netmd5crack.com – Contains 171,392,210 unique entries in the database. You can insert new phrases to the database.
- (4/10) www.md5decrypter.com – Currently serving around 810,000 hashes.
- (4/10) md5hashcracker.appspot.com
- (4/10) www.hashhack.com
- (4/10) isc.sans.edu – Surprised to see an .edu top level domain among this list, aren’t you? This MD5 hash database is operated by the Internet Storm Center.
- (4/10) www.md5crack.com – Simple but sufficient interface.
- (4/10) passcracking.com – Same as passcracking.ru. Uses a combined technique. Register to increase priority.
- (4/10) authsecu.com – contains over 500 million hashes (12 GB). The site itself is in French. Enter the MD5 hash to be cracked in the form field labeled “HASH MD5:” and click Déchiffrer
- (4/10) md5.rednoize.com – Currently serving around 55,000,000 hashes. Fast.
- (4/10) md5.web-max.ca
- (3/10) www.cmd5.com – Reputedly the biggest hash database (4 TB) online. During my tests i could have bought five so called payment-records additionally to the mentioned three findings. So i guess their database is really good.
- (2/10) md5.thekaine.de – uses a mixed approach (rainbow tables, dictionary attacks etc.)
- www.shell-storm.org – Currently serving around 170,000 hashes.
- www.md5this.com- Strange interface. Long queue.
- www.hashchecker.com – Bruteforce approach. Seems to have a high success rate but only few free slots available. Register and pay to increase priority.
- hashcrack.com – contains over 750 million hashes. Warning: previously unknown words will be entered into their database and will be “recoverable” for everyone later.
- md5pass.com – does not use a very own database but a Google Custom Search Engine (CSE). The CSE indexed other websites so it acts as a meta-search engine. But my tests were not very successful.
- md5pass.info – small service. Around 300,000 hashes in the database.
The folks at www.md5crack.com do not run their own cracker but function as a meta-search. This works by searching for the digest and its plain-text counterpart using search engines such as Google, Yahoo! etc. The article Using Google as a password cracker provides more information on this topic and how to do it manually.
You like to try cracking the hash on your local machine? Of course there are applications that will handle this as well, such as the top dogs “John the Ripper” and “Cain & Abel”:
- RainbowCrack – rainbow table implementation that supports multiple codecs like LM, NTLM and MD5
- Cain & Abel – in my opion the most advanced password cracker for Windows available to the public
- MD5 GPU Crack – local software (Windows) using GPU hardware
- How to crack MD5 passwords with John the Ripper – using JtR (Unix/Windows) to crack MD5 hashes locally (I’ve wrote my own more up-to-date article, an older post is located here)
- Cryptohaze GPU Rainbow Cracker – local software (Linux) using GPU hardware
In alternative to the mentioned services above there are other ways you can go. For example there are IRC channels with bots in them that try to crack the hashes you input. Sometimes these bots act as a bridge to web services as well. On the other side there are bulletin boards where people try to crack hashsums in a collaborative approach.
Do you know more cracking services? Please leave a comment!
Just for the record – outdated services
- www.milw0rm.com – The cracker of the infamous exploit database. Only few free slots available.
- blacklight.gotdns.org – Currently serving around 2,500,000 hashes.
- gdataonline.com – Currently serving around 2,300,000 hashes.
- hash.db.hk – Bruteforce approach combined with rainbow tables. Provides a SHA1 cracker as well.
- hash.insidepro.com – contains around 43 million hashes
- plain-text.info – a quite complex system which supports different algorithms like MD5 and SHA-1. It is usable via an IRC interface.
- igrkio.info – meta search, service temporarily not available
- darkc0de.com – a former meta-cracker that utilizes md5decrypter.com, passcracking.ru, milw0rm.com, gdataonline.com and md5.rednoize.com