Suppose I have only the first 16 characters of a MD5 hash. If I use brute force attack or rainbow tables or any other method to retrieve the original password, how many compatible candidates have I to expect? 1? (I do not think) 10, 100, 1000, 10^12? Even a rough answer is welcome (for the number, but please be coherent with hash theory and methodology).
is it possible to retrieve a password from a (partial) MD5 hash?
1.6k Views Asked by tic At
2
There are 2 best solutions below
Related Questions in HASH
- Trouble validating md5 hashed password with randomly generated salt?
- Why k and l for LSH used for approximate nearest neighbours?
- PHP password_hash() / bcrypt
- Unique hash/index for time interval
- Order-independent Hash Algorithm
- git hard reset - what am I doing wrong?
- Java HashMap, hashCode() equals() - how to be consistent with multiple keys?
- Create hash from variables in loop
- Hashing integer coordinates of different sizes
- Xcode salting and hashing a password
- Is there a way to generate a Guid from a list of Guids?
- Path reconstruction with Hashing?
- Creating a Hash with keys from an array and empty arrays as the values
- How to read data from a different file without using YAML or JSON
- change value in hash using an array of keys in ruby
Related Questions in PASSWORDS
- Do I have to randomize key in OpenSSL
- Xcode salting and hashing a password
- migrate one ldap server to another - questions
- Create a .txt with Password
- Hiding param of struts.xml values in Struts 2
- Detecting when CAPS LOCK is ON
- Save user and password Android
- Use MATLAB's webread to login to website and extract text
- authentication ruby valid_password error
- Linux acquire root permissions through a password popup
- I forgot the password to open a Word document. How can I retrieve the password?
- Django Rest Framework - serializer code not executing
- Transmit commands via ssh with password using expect
- Most used password in different language
- How does Maven 3 password encryption work?
Related Questions in MD5
- Trouble validating md5 hashed password with randomly generated salt?
- What is the equivalent of PHP's md5(str, true)?
- Hexdigest in Python
- NSData dataWithContentsOfFile returns different results on device
- PHP Compare a crypted password from db with an inserted password from a form
- Amazon Marketplace - MD5 content-header of XML in curl
- Convert md5 in base64 in md5 of 32 characters with PHP
- How safe is the md5 hashing algorithmic if I know part of the original data
- ContentMD5 Amazon S3 Upload Bad Digest
- Generate MD5 Hash of String in JRuby
- Formatting issue with md5deep
- A few questions about md5 collision in production
- C# - How to hash MD5 for more than one file at the same time?
- Is this a bad practice for storing passwords in PHP?
- Argument of type "unsigned long *" is incompatible with parameter of type "HCRYPTHASH *"
Related Questions in BRUTE-FORCE
- SAT-Solving: DPLL vs.?
- How to block unexpected request from multiple ip address in linux server?
- Python bruteforce combinations given a starting string
- risk of "big" computations on hardware
- brute-force graph isomorphism with networkx
- Finding maximum element in an array - is it that you will call greedy algorithm or brute force algorithm or both?
- Algorithm Check for Switch Program
- C++ Part of brute-force knapsack
- wp-login.php Flood in Acces Logs
- Better way to do a Bruteforce on strings?
- CodeForces 750D- New Year and Fireworks Time Limit Exceeded
- Sudoku Brute Force Algorithm
- Brute-force equation solving
- Longest common subsequence (LCS) brute force algorithm
- Maximal sets intersection
Related Questions in RAINBOWATTACK
- Developing Rainbow Tables
- Why is it called rainbow table?
- What length of passwords do rainbow tables go to?
- Reading rainbow tables from freerainbowtables.com
- is it possible to retrieve a password from a (partial) MD5 hash?
- Rainbow Tables: How to defend against them?
- Rainbow attack through python lookup is failing.
- Rainbow tables - how to choose the starting plaintext
- What exactly is a rainbow attack?
- Are Rainbow Tables Attacks even a threat?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The output of MD5 is 16 bytes (128 bits). I suppose that you are talking about an hexadecimal representation, hence as 32 characters. Thus, "16 characters" means "64 bits". You are considering MD5 with its output truncated to 64 bits.
MD5 accepts inputs up to 264 bits in length; assuming that MD5 behaves as a random function, this means that the 218446744073709551616 possible input strings will map more or less uniformly among the 264 outputs, hence the average number of candidates for a given output is about 218446744073709551552, which is close to 105553023288523357112.95.
However, if you consider that you can find at least one candidate, then this means that the space of possible passwords that you consider is much reduced. A rainbow table is a special kind of precomputed table which accepts a compact representation (at the expense of a relatively expensive lookup procedure), but if it covers N passwords, then this means that, at some point, someone could apply the hash function N times. In practice, this severely limits the size N. Assuming N=260 (which means that the table builder had about one hundred NVidia GTX 580 GPU and could run them for six months; also, the table will use quite a lot of hard disks), then, on average, only 1/16th of 64-bit outputs have a matching password in the table. For those passwords which are in the table, there is a 93.75% probability that there is no other password in the table which leads to the same output; if you prefer, if you find a matching password, then you will find, on average, 0.0625 other candidates (i.e. most of the time, no other candidate).
In brief, the answer to your question depends on the size N of the space of possible passwords that you consider (those which were covered during rainbow table construction); but, in practice with Earth-based technology, if you can find one matching password for a 64-bit output, chances are that you will not be able to find another (although there are are really many others).