3

I know that a hash is a one-way-function and that therefore there isn't a reversal function. By reversing a hash I just mean to find some plaintext that gives the hash.

I think that I understand that to reverse a hash one can

  • use dictionaries, that is, one generates a list of pairs of plaintexts and hashes. Given a hash, one then searches the dictionary for the related plaintext. I a certain sense I would say that this seems a lot like the method of just brute-forcing where one computes a lot of hashes until there is a match.
  • use rainbow tables. I am not entire sure that I understand how this works, but I see this question/answer.

My questions:

  1. Are there any other methods used in practice?

  2. Are there any methods that target the underlying algorithm?

Thomas
  • 3,861
  • 4
  • 22
  • 26

5 Answers5

5

With a serious hash, the only way to find a preimage is to make a guess and verify it. “Serious” means not somebody's homegrown method, but even MD5 which is broken for some uses still counts as serious here, as does Unix's traditional DES-based password hashing which still has the resistance that it was supposed to have (it's just that this amount is too little for today's computing power). In other words, if I have H and I want to find P such that Hash(P) = H, then the only way is to find P is to make a guess, compute the hash of this guess, and see if it's equal to H.

All password cracking methods can therefore be classified as brute force. Brute force can still use clever tricks. You can compute hashes of a lot of potential passwords and then look up many hashes in the resulting tables — that's a dictionary. You still had to compute all the hashes you're going to crack (and more). Rainbow tables consist of computing a humongous number of hashes and storing them in a clever way. A rainbow table is method for compressing a dictionary. These dictionary-based methods rely on precomputation that can be shared among many cracking attempts and are rendered useless by proper salting.

Password crackers always work by enumerating all possible passwords. The cleverness comes from enumerating the most likely passwords first — p@ssw0rd and 1loveYou before navpbtbf and homechasebogbigamy.

Gilles 'SO- stop being evil'
  • 51,415
  • 13
  • 121
  • 180
3

Exhaustive search is the (only) answer. Rainbow tables are an exhaustive search done in advance, and salting is a method useful to tie a given hash attempt to ONLY a single password entry (to thwart rainbow tables and similar techniques).

You can speed up exhaustive searches by searching common passwords first. That's the idea behind a dictionary attack.

tylerl
  • 82,665
  • 26
  • 149
  • 230
0
  1. Yes another method is exhaustive key search as far as per my knowledge.
  2. Not sure. but may be exhaustive key search does target it.

Again Not sure.

WiKi
  • 1
0

With hashes you either have to guess the right password or guess some string that would generate the same hash as the password. This is known as a hash collision. There are some collision based attacks that help to exploit collisions in the hashing algorithm however modern hashing algorithms have less of a chance for a collision. The are no known attacks on reversing hashing algorithms (anyone please correct me if I'm wrong).

The only hashing algorithm I suspect may be reversible is SHA but only because I'm paranoid and I believe the NSA would have built in a backdoor when making it. It's their job to crack encrypted messages! If I was them I would have built in a backdoor :)

Try some of the password lists at SkullSecurity they're pretty good. Also check out Ophcrack and JohnTheRipper.

Four_0h_Three
  • 1,245
  • 2
  • 8
  • 13
0

If it's MD4, MD5, SHA1, DCC, NTLM, MySQL you're trying to reverse, you can use Hashcat (http://hashcat.net/)