md5 decoding. How they do it?

i thought, that it is impossible to decode md5 hashes, but i found tools, which decode them her开发者_如何学Goe. but i have no idea, how they do it in such a short period of time(it takes about a second).

Help me please to understand it.

Thanks

It doesn't decode an MD5 hash. It uses what's called a rainbow table... That's why it's so important to use salted hashes instead of storing the hash directly...

It is impossible to decode an MD5 hash as it is a one way algorithm, they will have a database of pre-calculated hashes and the string that was used to generate the hash and then perform a lookup.

The web page actually contains the answer:

The database contains millions of MD5 hashes and their decrypted forms.

If you hash a somewhat trivial string like "Hello World" chances are it exists in that db. But enter a long string of some weird text like "H3ll0 Wh1rrl3d!?!" and the "conversion" will fail because it will not exist in the hash db. (Though my "weird" string seems to be getting decoded?!?)

IMPORTANT:

• NOTE FROM THE SITE: Any data which is MD5 hashed is stored for lookups. Do not encode sensitive data using this form

  ---

lol. That's why anything you hash with the site will come back as decoded! Everytime you hash something with that site you increase the size and capability of the database!

It says clearly: This tool searches multiple databases for the unencoded version of a MD5 hash

In general, this is still computationally intractable. However, rainbow tables assist in locating known pre-images. It will only work when the pre-image is based on common strings (e.g. dictionary words) and a salt isn't used. That's what they mean by "This tool searches multiple databases."