已知盐值时解密MD5哈希文本 [英] Decrypting MD5 hashed text when salt is known
问题描述
假设我具有以下MD5哈希密码:
Let's say I have the following MD5 hashed password:
bec0932119f0b0dd192c3bb5e5984eec
bec0932119f0b0dd192c3bb5e5984eec
如果我知道原始密码已经过盐化和哈希处理,并且知道它不是典型的盐,而是在MD5求和之前被包裹在"flag {}"中.
If I know that the original password was salted and hashed and know that instead of typical salt it was just wrapped in 'flag{}' before MD5 summing it.
在这种情况下如何解密MD5?
How may I decrypt MD5 in this case?
推荐答案
另一个答案在您尝试的定义中不正确.让我们从加密散列函数的必要抵抗的正式定义开始.以下内容来自密码哈希函数基础:定义,含义,以及P. Rogaway和T. Shrimpton的原像抵抗,第二原像抵抗和碰撞抵抗的分离;
The other answer is not correct in the definition of what you are trying. Let's begin with the formal definitions of Cryptographical hash functions' required resistances. The below from Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance by P. Rogaway and T. Shrimpton;
- 原像电阻-对于基本上所有预先指定的输出,在计算上找不到散列到该输出的任何输入,即,找到任何原像
x'使得h(x')= y当给定任何y时,其对应的输入未知. - 第二原像电阻,弱碰撞-在计算上找不到与指定输入相同输出的任何第二输入,即给定
x,找到第二张原图x'!= x,使得h(x)= h(x'). - 抗碰撞性,强碰撞-在计算上不可能找到任何两个不同的输入
x,x',它们会散列到相同的位置输出,即h(x)= h(x').
- preimage-resistance — for essentially all pre-specified outputs, it is computationally infeasible to find any input which hashes to that output, i.e., to find any preimage
x'such thath(x') = ywhen given any y for which a corresponding input is not known. - 2nd-preimage resistance, weak-collision — it is computationally infeasible to find any second input which has the same output as any specified input, i.e., given
x, to find a 2nd-preimagex' != xsuch thath(x) = h(x'). - collision resistance, strong-collision — it is computationally infeasible to find any two distinct inputs
x,x'which hash to the same output, i.e., such thath(x) = h(x').
冲突和密码破解没有关系.实际上,您正在尝试查找与给定哈希值和盐值匹配的原图像.对于MD5 n = 128 (即 O(2 ^ 128)),一般的映像前攻击的成本为 O(2 ^ n)代码>.MD5上的映像前攻击要比普通攻击更好,代价为 2 ^ 123.4
Collisions and password cracking is not related. Actually, you are trying to find a pre-image that works with the given hash value and the salt. The cost of generic pre-image attacks is O(2^n) in the case of MD5 n=128 that is O(2^128). There is a pre-image attack on the MD5 that is better than the generic with a cost of 2^123.4
这种攻击仍然超出了所有人的搜索范围(质量控制除外,这是另一回事).甚至对于超级计算机或比特币矿工的协作能力.
This attack still beyond the search of everybody (except the QC and that is another story). Even for the supercomputers or the collaborative power of the bitcoin miners.
如上所述,MD5不再具有密码安全性,因为它的抗碰撞性已被破坏,即使 SHA-1不再安全.
As pointed above, MD5 is no longer cryptographically secure since its collision resistance is broken, even SHA-1 is no longer secure.
散列不是加密/解密.这确实是一个很长的故事,一个简短的答案,加密是可逆的,但哈希不是(考虑信鸽原理,请参阅单向函数)[注释
hashing is not encryption/decryption. That is really a long story here a short answer, Encryption is reversible but hashes are not ( consider the pigeonhole principle, and see one-way functions) [ minor note block cipher mode of operation like the CTR mode doesn't requires a PRP it can work with PRF and it is designed in this way]...
您能做什么?
如果找不到,那么
根据您的预算,对MD5进行快速的映像前攻击,使其达到一定的限制. hashcat 是一个非常强大的工具,您可以从中受益.这是一场表演的表演;
Build a fast pre-image attack on the MD5 up to some limit according to your budget. hashcat is a very powerful tool that you can benefit from it to build it. Here a hashcat performance;
使用Nvidia RTX 3090的哈希猫可以搜索65322.5 MH/s (兆哈希值/秒).那是 2 ^ 16 MH/s .时间,设备成本,电费等计算可以根据目标搜索空间(如果已知)进行.
hashcat with Nvidia RTX 3090 one can search for 65322.5 MH/s (Mega Hashes/ Seconds). That is 2^16 MH/s. The calculations - time, device cost, electricity costs - can be done according to target search space if known.
这篇关于已知盐值时解密MD5哈希文本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
