Summary MD5
- MD5 is a cryptographic hash function, designed to be a one-way function, which means that it is not possible to directly decrypt an MD5 value to get the original input.
- The MD5 algorithm is no longer considered secure for password encryption as it is vulnerable to collision attacks and other hash cracking techniques. We recommend using stronger hashing algorithms such as SHA-256 or bcrypt instead. Therefore, it is quite common to find MD5 hash dictionaries on the internet to decrypt.
Introduction
- To create a password, the algorithm uses 91 characters as follows:
const lowerCaseChars = "abcdefghijklmnopqrstuvwxyzç";
const upperCaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZÇ";
const specialChars = "!@#$%^&*()-_+=<>?/,.:;{}[]|";
const numericChars = "0123456789";
- Total of 91 different characters.
- Let’s say I want to make a password with 6 characters with these 91 characters, remembering that characters can be repeated.
- So, we have an exponentiation: 91^6 = 91 x 91 x 91 x 91 x 91 x 91 = 567,869,252,041 (billion) possible password combinations.
Estimating Time
- Imagine that 1 current CPU of my i5 here can do 100 passwords per second. I did some calculations here:
- 1 second = 100 passwords
- 1 minute = 6000 passwords
- 1 hour = 6000 x 60 = 360,000 passwords
- 1 day = 24 x 360,000 = 8,640,000 passwords
- 567,869,252,041 possible password combinations / 8,640,000 passwords per day = ~65725 days
- 65725 days / 365 days = it would take on average ~180 years to create all possible password combinations of length 6 using those 91 characters!
Algorithm
- In this algorithm, using parallelism, the algorithm uses the 8 CPUs available in parallel that I have here on my machine.
- I had each worker create 8 possible password/dictionary combinations:
- 1 worker makes passwords with 6 characters
- 1 worker makes passwords with 7 characters
- Until the last worker, making passwords with 13 characters
- The 8 workers creating the passwords at the same time, in parallel.
- Each worker saves the possible combinations in a different JSON format dictionary, both with plain password along with its MD5 hashed password.
Conclusion
- I made this algorithm for didactic purposes, and out of pure curiosity/technical interest.
Script Example in Javascript
const cluster = require("cluster");
const totalCPUs = require("os").cpus().length;
const fs = require("fs");
const crypto = require("crypto");
const dictionaryMD5Passwords = {
6: [],
7: [],
8: [],
9: [],
10: [],
11: [],
12: [],
13: [],
};
const indexes = [0, 1, 2, 3, 4, 5, 6, 7]; // each worker index
const lowerCaseChars = "abcdefghijklmnopqrstuvwxyzç";
const upperCaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZÇ";
const specialChars = "!@#$%^&*()-_+=<>?/,.:;{}[]|";
const numericChars = "0123456789";
const allPasswordPossibleCharacters =
lowerCaseChars + upperCaseChars + specialChars + numericChars;
function generateCombinationsWithRepetition(inputString, combinationLength) {
function generateHelper(currentPassword) {
if (currentPassword.length === combinationLength) {
const password = {
plainText: currentPassword,
md5: crypto.createHash("md5").update(currentPassword).digest("hex"),
};
console.log(password);
dictionaryMD5Passwords[combinationLength].push(password);
fs.writeFileSync(
`./md5_hash_dictionary/passwords_length_${combinationLength}.json`,
JSON.stringify(dictionaryMD5Passwords[combinationLength], null, 4),
"utf8"
);
return;
}
for (let i = 0; i < inputString.length; i++) {
const char = inputString[i];
const newCombination = currentPassword + char;
generateHelper(newCombination);
}
}
generateHelper("");
}
if (cluster.isMaster) {
for (let i = 0; i < totalCPUs; i++) {
const worker = cluster.fork();
worker.on("message", message => {
console.log(
`\nWORKER ID ${worker.process.pid} => received message: ${message}\n`
);
});
}
let workerIndex = 0;
for (const index of indexes) {
const worker = Object.values(cluster.workers)[workerIndex];
if (worker) {
let combinationLength = index + 6;
worker.send(combinationLength);
workerIndex = (workerIndex + 1) % totalCPUs;
}
}
cluster.on("exit", worker => {
console.log(`Worker ${worker.process.pid} finished his job!`);
});
} else {
process.on("message", async combinationLength => {
generateCombinationsWithRepetition(
allPasswordPossibleCharacters,
combinationLength
);
});
}
Script Example in Go
package main
import (
"crypto/md5"
"encoding/json"
"fmt"
"os"
"path/filepath"
"runtime"
"sync"
"time"
)
var allPasswordPossibleCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=<>?/,.:;{}[]|"
type Password struct {
PlainText string `json:"plainText"`
MD5 string `json:"md5"`
}
func generateCombinationsWithRepetition(length int, workerID int, wg *sync.WaitGroup) {
defer wg.Done()
start := time.Now()
var passwords []Password
totalRequestsMade := 0
var generateHelper func(currentPassword string)
generateHelper = func(currentPassword string) {
if len(currentPassword) == length {
md5Hash := md5.New()
md5Hash.Write([]byte(currentPassword))
md5String := fmt.Sprintf("%x", md5Hash.Sum(nil))
passwords = append(passwords, Password{
PlainText: currentPassword,
MD5: md5String,
})
totalRequestsMade++
fmt.Printf("Worker %d generated: {\"plainText\": \"%s\", \"md5\": \"%s\"}\n", workerID, currentPassword, md5String)
return
}
for _, char := range allPasswordPossibleCharacters {
generateHelper(currentPassword + string(char))
// time.Sleep(1 * time.Second) // Uncomment to create 1 password per second
}
}
generateHelper("")
duration := time.Since(start)
fmt.Printf("Worker %d sent all passwords in %v\n", workerID, duration)
fmt.Printf("Worker %d generated %d passwords\n", workerID, totalRequestsMade)
dir := "./dictionary-golang"
if err := os.MkdirAll(dir, 0755); err != nil {
fmt.Printf("Error creating directory: %v\n", err)
return
}
filePath := filepath.Join(dir, fmt.Sprintf("passwords_length_%d.json", length))
file, err := os.Create(filePath)
if err != nil {
fmt.Printf("Error creating file %s: %v\n", filePath, err)
return
}
defer file.Close()
encoder := json.NewEncoder(file)
encoder.SetIndent("", " ")
if err := encoder.Encode(passwords); err != nil {
fmt.Printf("Error encoding JSON to file %s: %v\n", filePath, err)
return
}
fmt.Printf("Worker %d saved passwords to %s\n", workerID, filePath)
}
func main() {
numWorkers := runtime.NumCPU()
var wg sync.WaitGroup
fmt.Printf("Master setting up %d workers...\n", numWorkers)
for i := 0; i < numWorkers; i++ {
wg.Add(1)
go func(workerID int) {
defer wg.Done()
length := 6 + workerID
fmt.Printf("Worker %d processing length %d\n", workerID, length)
generateCombinationsWithRepetition(length, workerID, &wg)
}(i)
}
wg.Wait()
}