md5 decoding. How they do it?

Solution 1:

It doesn't decode an MD5 hash. It uses what's called a rainbow table... That's why it's so important to use salted hashes instead of storing the hash directly...

Solution 2:

It is impossible to decode an MD5 hash as it is a one way algorithm, they will have a database of pre-calculated hashes and the string that was used to generate the hash and then perform a lookup.

Solution 3:

The web page actually contains the answer:

The database contains millions of MD5 hashes and their decrypted forms.

If you hash a somewhat trivial string like "Hello World" chances are it exists in that db. But enter a long string of some weird text like "H3ll0 Wh1rrl3d!?!" and the "conversion" will fail because it will not exist in the hash db. (Though my "weird" string seems to be getting decoded?!?)

IMPORTANT:


  • NOTE FROM THE SITE: Any data which is MD5 hashed is stored for lookups. Do not encode sensitive data using this form

lol. That's why anything you hash with the site will come back as decoded! Everytime you hash something with that site you increase the size and capability of the database!

Solution 4:

It says clearly: This tool searches multiple databases for the unencoded version of a MD5 hash