# Thread: MD5 Can be Decrypted. Unbelievable!

1. Regular Coders
Join Date
Dec 2007
Posts
123
Thanks
17
Thanked 1 Time in 1 Post
oh!

2. Regular Coders
Join Date
Dec 2007
Posts
123
Thanks
17
Thanked 1 Time in 1 Post
What if someone makes a bot which does a dictionary attack to crack a 32 bytes of hash. How much time do you think it will take to actually crack that hash?

3. Depends. If the hash isn't in the dictionary, it will never be cracked. If it is, then probably only an hour or two on a fast computer — depending on the size of the dictionary, of course. Length doesn't matter with dictionary-based attacks. That's why it's recommended to never use dictionary words as your password (and why you should always add salt to any user-supplied passwords for hashing).

4. Regular Coders
Join Date
Dec 2007
Posts
123
Thanks
17
Thanked 1 Time in 1 Post
what if its an alphanumeric password and the attack is a brute force attack?

Then how much time will it take?

5. O(36^n) if there are no capitals — that is, the time taken will be proportionate to the number of possible characters to the power of the length of the password. On a (my) modern PC, calculating the MD5 sums of 36 characters takes about 0.0000742776780128479 seconds.

6. Regular Coders
Join Date
Dec 2007
Posts
123
Thanks
17
Thanked 1 Time in 1 Post
Originally Posted by Twey
O(36^n) if there are no capitals — that is, the time taken will be proportionate to the number of possible characters to the power of the length of the password. On a (my) modern PC, calculating the MD5 sums of 36 characters takes about 0.0000742776780128479 seconds.

I didnt get you. Do you mean a modern PC can crack a alphanumeric password in about 0.0000742776780128479 seconds with brute force attack?

7. A single-character one, yes.

8. Regular Coders
Join Date
Dec 2007
Posts
123
Thanks
17
Thanked 1 Time in 1 Post
so if I have a password of 5 characters (NIj7U)

then it would take 5 x 0.0000742776780128479 seconds to crack a password with brute force attack???

9. Junior Coders
Join Date
Mar 2009
Posts
65
Thanks
13
Thanked 4 Times in 4 Posts
Originally Posted by cancer10
so if I have a password of 5 characters (NIj7U)

then it would take 5 x 0.0000742776780128479 seconds to crack a password with brute force attack???
Which is why sometimes applications adds an additional fix prefix to a password to make it harder to break, but the world you add that prefix is not easy either. Choosing a wrong one or a simple one is as good as nothing adding any.

And for the sake of Og, don't md5 a md5 - it's not really useful

10. The way that website works is people go to http://md5encryption.com/ (which is the encryption tab on the website linked in the first post), it then encrypts the the input to md5 and adds the info to a database. The decryption site then reads from that database and if is in there, displays the text for the inputted hash.