Ball In A Box Productions

• Programming
  • JavaScript
    • Game
      • Sudoku
      • Switch It!
      • 4x4 Match
      • Connect 4
    • Color Wheel
    • Fiatian Code
    • Login Coder
    • Site Search
    • Old Scripts
      • Analogue Clock
      • Image Rotate
      • Balls
    • Mathematical
      • Random Generator
  • Programs
    • MD5 Rainbow
    • Dictionary Creator
    • MD5 Brute Force
    • Lexi Chart
  • Assembly
    • Snippets
      • Bit Count
      • Odometers
        • Bit Subset
        • Reverse Bit Subset
        • Fast Byte
        • Unique Ordered
• Graphics
  • Gallery
    • Colorization
    • Icons
      • One
      • Two
      • Three
  • Tutorials
    • One
    • Two
    • Three
  • Bryce
    • Object Gallery
    • Large objects
    • Scenes
• Writing
  • Poetry
    • Fictional by Colin Fiat
    • Poems By Draco Merest
  • Micro Fiction
    • Shorts By Draco Merest
  • Documents
    • Covering Designs
    • C(v,6,t,m) Chart
• Miscellaneous
  • Bookmarks
    • One
    • Two
    • Three
  • Jump To
    • Home
    • About
    • Help
    • Site Map
  • Contact
    • Profiles
    • Email
      • BIAB
      • HTJS
      • Colin Fiat
      • Draco Merest
      • Verbatim

The MD5 Hash function is reasonably secure when analyzing the algorithm as it incorporates standard arithmetic addition and bitwise logical AND; both reasonably similar. eg: finding two addends which produce the resultant 24 requires a paired list of 25 elements: 0+24, 1+23... 24+0. This seems simple enough but MD5 incorporates addition, resulting in answers from 0 to 4,294,967,295 five times per loop of 64 iterations. While theoretically possibly to reverse engineer an MD5 hash, it is simply not feasible.

Brute force, in simple terms, is trying every possible input combination and comparing the result to the answer being sought. For the 2 operands resulting in 24 from an addition function, the possibilities are limited and trivial. MD5 Hashes result from a complex 64 hex digit number which require more space to list than there are atoms in the universe; or so I have seen mentioned.

If there are too many possible input texts to make brute force feasible, why bother? Firstly the intellectual challenge and secondly... well, there isn't one. Using MD5brute.exe to crack an eight character string may take some hours whereas using a rainbow table requires mere seconds. However, an 8 character string composed from upper and lower letters, numbers and symbols may not have been databased in any rainbow table. Using a brute forcer in this instance is the only option. (How do you think the rainbow tables were generated in the first place?)

[edit] I don't know why I wrote all that; anyone requiring an MD5 cracker probably knows the details already.

MD5brute comprises a Visual Basic 6 GUI (Graphical User Interface) with a single function DLL (Dynamic Link Library) hand written in pure assembly. Two days were spent creating the ultimate combination generator; benchmarked at 390 million combinations per second for a set of 36 characters taken 8 at a time with end message bit setting and message size recording. (That's equivalent to A to Z and 0 to 9 starting with AAAAAAAA and ending with 99999999.)

After incorporating the MD5 hash algorithm, and some necessary functions such as hash comparisons and event pausing, the function speed dwindled to 1.5 million per second for 8 characters from a set of 36. Not too bad.

Some notable features of this program include:

• Variable length and order of any character set
• Accepts any character; Unicode, controls: anything you can type
• Attempt up to 32000 hash values at once
• Character set length from 4 to 16
• Does not require an NVIDIA GPU with CUDA support
• Nothing fancy - it cracks MD5 hash values and that's it!