[VB.NET]MD5 Encryption/Decryption

[*LoRD*]

PHP Code:

Imports System.Security.Cryptography
Imports System.Text

Module Crypt
    Public Function Encrypt(ByVal toEncrypt As String, ByVal key As String, ByVal useHashing As Boolean) As String
        Dim keyArray As Byte()
        Dim toEncryptArray As Byte() = UTF8Encoding.UTF8.GetBytes(toEncrypt)

        If useHashing = True Then
            Dim hashmd5 As New MD5CryptoServiceProvider()
            keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key))
        Else
            keyArray = UTF8Encoding.UTF8.GetBytes(key)
        End If

        Dim tdes As New TripleDESCryptoServiceProvider()
        tdes.Key = keyArray
        tdes.Mode = CipherMode.ECB
        tdes.Padding = PaddingMode.PKCS7

        Dim cTransform As ICryptoTransform = tdes.CreateEncryptor()
        Dim resultArray As Byte() = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length)

        Return (Convert.ToBase64String(resultArray, 0, resultArray.Length))
    End Function
    Public Function Decrypt(ByVal toDecrypt As String, ByVal key As String, ByVal useHashing As Boolean) As String
        Dim keyArray As Byte()
        Dim toEncryptArray As Byte() = Convert.FromBase64String(toDecrypt)

        If useHashing = True Then
            Dim hashmd5 As New MD5CryptoServiceProvider()
            keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key))
        Else
            keyArray = UTF8Encoding.UTF8.GetBytes(key)
        End If

        Dim tdes As New TripleDESCryptoServiceProvider()
        tdes.Key = keyArray
        tdes.Mode = CipherMode.ECB
        tdes.Padding = PaddingMode.PKCS7

        Dim cTransform As ICryptoTransform = tdes.CreateDecryptor()
        Dim resultArray As Byte() = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length)

        Return UTF8Encoding.UTF8.GetString(resultArray)
    End Function
End Module 


[MentaL]

[jM2.me]

MD5 Decryption? Wtf?

[Kreain]

this can decode md5 :O
?

[xSilv3rbullet]

http://md5decrypter.com

Beat that.

[Cancel Man]

I was always under the impression that Md5 was a 'one way cipher' meaning that you couldn't decrypt it?
Does the link that Silver provided just insert all of the values that are generated in MD5 too their database and when someone tries to decrypt it, it just searches the database?

[foxx]

http://md5decrypter.com

Beat that.

It's just a database of basic words like "aaaaa", "hello", "password", "aaa123", and everytime people use their encrypt it adds the word, you wouldn't be able to decrypt hashes like "H!I'mF0Xx#".

md5 is actually decryptable, but it'd take ages(depending on how hard the password is).

[Smitty]

It's just a database of basic words like "aaaaa", "hello", "password", "aaa123", and everytime people use their encrypt it adds the word, you wouldn't be able to decrypt hashes like "H!I'mF0Xx#".

md5 is actually decryptable, but it'd take ages(depending on how hard the password is).

It can now ;)

For all intents and purposes, MD5 at the current time is un-decrypt-able.

[MjClarke1]

It's just a database of basic words like "aaaaa", "hello", "password", "aaa123", and everytime people use their encrypt it adds the word, you wouldn't be able to decrypt hashes like "H!I'mF0Xx#".

md5 is actually decryptable, but it'd take ages(depending on how hard the password is).

Its more or less undecryptable and more brute-forcable

The only way to decrypt it is to keep encrypting until you get a hash thats exactly the same which would take a long ass time if its a tough password like "H!I'mF0Xx#" before Smitty submitted it to the database ;)

[xSilv3rbullet]

Actually, if you MD5 something on a website, then try and decrypt it on that website, it still works.

[xxbrentonxx]

Actually, if you MD5 something on a website, then try and decrypt it on that website, it still works.

You do realise a lot of those sites are connected and by encrypting on them, your making that string become decryptable?

[foxx]

Its more or less undecryptable and more brute-forcable

Yea.. That's what I kinda meant..

[Zen]

for Cancel Man's sake, im going to explain something.

MD5 is used mainly on websites to protect passwords when crossrefrencing them to a database (or inserting them for that matter), so instead of exposing a password to potential interception, a script will send the MD5 hash of a password to the server, and refrence it to a database,


so.

passwords are stored in the database as MD5 hashes

website converts password to MD5---> checks it with the database


i hope i made things a little clearer


(:

[s-p-n]

I wonder if any two hashes are ever the same? You can enter a password with 100 characters, and it comes out as a hash with like 16 or whatever.. Then you can type a single character and also, same number of characters in the hash. Since there's more possible inputs than outcomes, there must be. Also, you can type a greater variety of characters than MD5 can output.

Anyway, I've personally come to the hypothesis that there can be multiple passwords for a given hash. So if the database holding the passwords is secure from any eyes, internet connections, and LAN connections. (considering absolutely nobody can ever find the passwords), it's arguably more secure to just use the password with no encryption.

Then again, only if you're a psycho like I am =D

[Team Lion]

Welcome to cryptology s-p-n.

Your assumptions are correct. Due to the nature of hashes, there are what are called collisions, or two or more inputs with the same output. And that indeed happens due to the size of input compared to output. (Kind of, bit-padding happens in MD5, so that can distort it by a small percentage).

And those collisions are vital to performing what is called a birthday attack for hashes. The reason behind can be explained by your own research if you're interested.

It's why governments are migrating away from MD5 to SHA-1 or SHA-2, which is believed to me more secure (but even SHA-1 has shown to be weak still.)

[Moar F00d]

MD5 Decryption? Wtf?

Yeah, it's not possible.