Just to clear something up really. You cannot decrypt MD5 through code can you? e.g.

If I encrypted a whole document in MD5 it would be pretty hard decrypting it where as if I used MD5 for a password I could by changing the string that I was checking it against to MD5?

I'm not sure I understand the second part of the question. As to the first part, correct. So far no one has figured out a way to decrypt MD5. There are things like rainbow tables, however, that are essentially massive databases of strings and their corresponding MD5 hashes which are used as lookups.

Thanks,

So it wouldn't be right to encrypt a whole file using MD5 because it wouldn't be easy to decrypt it?

Thanks,

So it wouldn't be right to encrypt a whole file using MD5 because it wouldn't be easy to decrypt it?

Well MD5 isn't encryption, it's one way. Technically both are just as hard to "decrypt". Not sure why you'd MD5 a whole file since you'd never be able to get that data back unless you're checking for integrity I.E.,

* I upload Document A
     `- MD5(Document A) => 3fab79ac...
 * I want to download/sell/distribute/something else Document A
 * Prepare Document A
 * MD5(Document A) => 7bd96ca3...
 * Whoops, somehow Document A changed, integrity failure

Wait, I have to do a talk on encryption tomorrow and I've chosen to do MD5 :P but I'm talking about how it encrypts data in a database like passwords etc and how the form checks the details for integrity. Would this be ok?

Wait, I have to do a talk on encryption tomorrow and I've chosen to do MD5 :P but I'm talking about how it encrypts data in a database like passwords etc and how the form checks the details for integrity. Would this be ok?

Yup, as long as you specify that MD5 is a hash function rather than a cipher IE., there isn't a particular key which the data is encrypted and decrypted against.

Member Avatar for diafol

I understand MD5 to be a hash function - not encryption. AFAIK encryption means to transform a piece of text into 'ciphertext' (gobbledegook). BUT, this ciphertext can be decrypted back to the original text via a decrypt key. So ideally, you can only get at the original message if you have the key.

So if you're talking about 'encryption', I don't think MD5 is right because it can't be 'de-hashed'. cwarn is the expert though.

As you mention, md5 is used to hash passwords in DBs. A problem arises when you try to retrieve a user's forgotten pw - a common feature of login boxes. You end up having to provide a new one (random) and post this to the user's email.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.