RunUO Community

Crypt Password...

Ok, I have a player on my shard who has lost their password... How do I give it to them now that their password is encrypted...
 

stormwolff

Knight
There is probably a way but the point of encrypting them in the first place was so nobody can do what you want to do.

If you are a shard admin you can just change his password.

If you are somebody who got a password file and wants to crack it then I for one will not help you.
 

Dracarys

Wanderer
stormwolff said:
There is probably a way but the point of encrypting them in the first place was so nobody can do what you want to do.

If you are a shard admin you can just change his password.

If you are somebody who got a password file and wants to crack it then I for one will not help you.


There is no way to decrypt the passwords. Absolutely no way. They are not really encrypted, they are hashed through the Message Digest 5 function. The MD5 function is not reversible. Well, maybe it is once they build quantum computers but currently there is no way.
 

spooon

Wanderer
Dracarys said:
There is no way to decrypt the passwords. Absolutely no way. They are not really encrypted, they are hashed through the Message Digest 5 function. The MD5 function is not reversible. Well, maybe it is once they build quantum computers but currently there is no way.

No, the only invincible hash out there is the one you smoke before posting. Check http://www.rsasecurity.com for more info.

For all intents and purposes, tho, it's solid. No one's going to bust it to get their RunUO password :)
 

Dracarys

Wanderer
It's not my problem if you like/use/abuse drugs. If you want to destroy your life, please go ahead.

However, what do you know about MD5? Obviously nothing. I majored in cryptanalysis, so unlike you, I know a lot about cryptographic systems and message digests.

So if you know nothing about MD5, please read this http://www.faqs.org/rfcs/rfc1321.html and then tell me a possible way to break it. Just the way you would do it, please.

I said it will be possible with quantum computers since they can reverse a mathematical function.


"MD5 sums are used as a one-way hash of data. Due to the nature of the formula used, it is impossible to reverse it. To find out what the source data was, one would traditionally attempt every single possible input value until they found the solution."

Let's say we have a function f:{1,2,3,...,N} --> {1,2,3,...,N}, which is our MD5 function and we know that N is mathematically speaking sufficiently large. The only other thing which you know about f is that it is periodic, meaning that there exists a number m so that f(i) = f(i+m) is true for all i.

Now, if you have a classical computer at your disposal, you will have to evaluate f N-times to find m.

Using a quantum computer, we can evaluate "all values of f at the same time", by feeding a superposition of all inputs into the function evaluation. Of course there is no way to get all results from the quantum computer but in this case we only want the periodicity of the function, while all individual function values are irrelevant. And this we get from our quantum computer in a few milliseconds.

Unfortunately a quantum computer does not currently exist. So we have to suppose that reversing a MD5 function is mathematically impossible.

Now, mathematically this is true. It's not true in reality, though. As I said, the only way to cryptographically "break" MD5 is by using bruteforce. Someone made a table that has 170,141,183,460,469,231,731,687,303,715,884,105,728 entries with their corresponding MD5 value. So if someone used a password like "apple", it could be reversed since it's already in that table. The MD5 sum of the word "apple" is 1f3870be274f6c49b3e31a0c6728957f. Now I just capitalize the first letter and the MD5 is 9f6290f4436e5a2351f12e03b6433c3c.


Code:
MD5(apple) = 1f3870be274f6c49b3e31a0c6728957f
MD5(Apple) = 9f6290f4436e5a2351f12e03b6433c3c
MD5(ApPlE) = e4f117a26eac86876d199be7bd738709

Now any cryptographically secure application (let's assume RunUO is heavily dependent on a secure crypto system to store the passwords) would not just MD5 a password since we have to assume the user will use a short password like his name, birthdate, name of the dog or whatever.

So we would just "salt" the user password. We could, for example, put a different word after every letter of the password.

Let's assume our user uses the password JohnDoe.

Code:
Md5(JohnDoe) = 9fd9f63e0d6487537569075da85a0c7f

Using a traditional PC it would take about one or two weeks to "decrypt" the password using bruteforce, assuming we stole the accounts file.

Now before we store the password we could "salt" it:

JAlphaoBravohCharlienDeltaDEccooFoxtrotteGamma.

Now the MD5 of this new password would be different:

Code:
Md5(JAlphaoBravohCharlienDeltaDEccooFoxtrotteGamma) = b009bff1c6ef7f205d8a7537abcbeada

We could make it even more difficult to break by hashing it twice:

Code:
Md5(Md5(JAlphaoBravohCharlienDeltaDEccooFoxtrotteGamma)) = dc2497e7fdf894baf2a287b0a4158069

Now you see that the hash is 32 Byte long and our salted password is 46 Byte. That means the encryption is now lossy. We actually lose data. This data can not be restored. Again, the only way would be bruteforce.

Now as I said, the MD5 hash is 128 bits long. This means you have 340,282,366,920,938,463,463,374,607,431,768,211,456 possible values. So even if you could calculate the hash of a trillion words per second it would still take 5395141535403007094 years to find the password. (Assuming you find it after 50% of the tries).

Now let's just assume you have a trillion machines that can calculate the hash of a trillion words per second; it would still take you 5.395.141 and a half years.

Now if you wanted to make a lookup table for each word, it would take the time mentioned above. As for storing the lookup table: where are you going to store it?
Even if you could store one lookup table entry on one single electron (which is of course not possible) the storage device for 10^38 entries would weigh 10000 tons.

So please: face it. It is absolutely absolutely absolutely impossible to reverse a MD5 hash.
 

Dracarys

Wanderer
spooon said:
the only invincible hash out there is the one you smoke before posting.

I don't smoke any drugs, fyi. It does interfere with my thinking. And that's a thing I couldn't have.
 

Ignacio Vazquez-Abrams

Dracarys said:
I said it will be possible with quantum computers since they can reverse a mathematical function.

While quantum computing will allow us to reverse the MD5 algorithm, it will not be able to magically add all the data that has been thrown away in calculating the hash. The best case scenario is that it will allow us to say what might have resulted in the hash, but without more information we cannot know if we have in fact discovered the original content.
 

Dracarys

Wanderer
Ignacio Vazquez-Abrams said:
While quantum computing will allow us to reverse the MD5 algorithm, it will not be able to magically add all the data that has been thrown away in calculating the hash. The best case scenario is that it will allow us to say what might have resulted in the hash, but without more information we cannot know if we have in fact discovered the original content.

As far as I understood it, quantum computers (at least the advanced ones) CAN restore the whole string. There is only one possible string that creates a hash. No matter how long the input, if you just change one byte of it, it will create a completely different hash.
 

Phantom

Knight
RunUO doesn't use salt mainly because.

If somebody can get your accounts file they can get the information on your salt :)

Although I had a good way to stop this.
 

Beholder

Wanderer
Dracarys said:
As far as I understood it, quantum computers (at least the advanced ones) CAN restore the whole string. There is only one possible string that creates a hash. No matter how long the input, if you just change one byte of it, it will create a completely different hash.

True, a quantum computer really should be able to restore the whole input string. But first someone has to find an algorithm to solve this :)
 

Dracarys

Wanderer
Phantom said:
RunUO doesn't use salt mainly because.

If somebody can get your accounts file they can get the information on your salt :)

That's the whole point. This is true for every system that uses salt. I see you know how it works, so no need to explain. But let's say someone has the password 'foobar'. Salted with any random information unique to this account the password no longer looks like the original word and thus will not be detected by a bruteforce attack based on dictionaries. I think we can safely say, no one is going to try a math bruteforce on MD5 (see figures above, he wouldn't live long enough). So every bruteforce attack on an MD5 password is based on dictionaries. By double hashing a password salted with i.e. the username a dictionary attack will not work. Unless you re-code the dictionary completely. But the double-hashing should take care of that too.


Phantom said:
Although I had a good way to stop this.

Having a good firewall, having knowledge about networking and computers and having good crypto solves the problem too.
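
The salting idea discussed in the two posts above, and the "just change his password" answer to the original question, as an added example that is not part of the thread and not RunUO's own code. It assumes a random per-account salt and swaps in PBKDF2-HMAC-SHA256 as a deliberately slow hash in place of double MD5; all function names, the iteration count and the sample words are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware

# Constructed sample: a tiny stand-in for a precomputed unsalted-MD5 lookup table.
TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in ("apple", "foobar", "JohnDoe")}

def table_lookup(digest):
    """Return the word a precomputed unsalted-MD5 table holds for digest, else None."""
    return TABLE.get(digest)

def salted_md5(password, salt):
    """MD5 over a per-account salt plus the password (the thread's idea, simplified)."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def make_record(password):
    """Build what the accounts file would store: salt, iteration count, derived key."""
    salt = os.urandom(16)  # stored in the clear next to the hash; it is not a secret
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "key": key}

def verify(record, candidate):
    """Re-derive with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                              record["salt"], record["iterations"])
    return hmac.compare_digest(key, record["key"])

def admin_reset(accounts, username, new_password):
    """Lost password: the admin cannot read the old one, only overwrite the record."""
    accounts[username] = make_record(new_password)

if __name__ == "__main__":
    print("unsalted table hit:", table_lookup(hashlib.md5(b"apple").hexdigest()))
    s1, s2 = os.urandom(16), os.urandom(16)
    print("salted table hit:", table_lookup(salted_md5("apple", s1)))
    print("same password, two salts, same digest?",
          salted_md5("apple", s1) == salted_md5("apple", s2))
    accounts = {"player1": make_record("forgotten-password")}
    admin_reset(accounts, "player1", "temporary-Pass-42")
    print("old password accepted:", verify(accounts["player1"], "forgotten-password"))
    print("new password accepted:", verify(accounts["player1"], "temporary-Pass-42"))
```

The salt only stops one precomputed table from being reused across accounts; the iteration count is what makes each individual guess expensive for someone holding the accounts file.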
 

Phantom

Knight
I meant a way to prevent people from being able to figure out what your salt was.

Like I said in your other thread. Either way has its flaws, only way to break md5 is by "brute" force or knowing the password.

Anyhow :)
 

X.Amubsh.X

Traveler
Ok so I do have a question ... Or well more like something I could see someone trying to do... What if the owner went into the scripts and got rid of the Encrypter thing? So that way it just showed your password... I am assuming that is possible is it not?... (I know it would be lots of work but could it be done is what I am asking?)
 

Tresdni

Squire
Either disable the encryption, or just change the player's password for them. Not a big deal haha.

As for the cryptology or hashiologist on a religious quantum rant, I say this.

 