MD5 Decrypt?

schimanski

Well-Known Member
Licensed User
Longtime User
I use the following code to encrypt the data to MD5:

B4X:
Sub btnMd5_Click
  Dim data(0) As Byte   
  Dim md As MessageDigest

  msg = "Teststring" 
  data = Bconv.StringToBytes(msg, "UTF8")
  data = md.GetMessageDigest(data, "MD5") 
  Msgbox(Bconv.HexFromBytes(data), "MD5 digest")   
End Sub

How is it possible to decrypt the MD5-hash?

Thanks and rgds
 

bluedude

Well-Known Member
Licensed User
Longtime User
Md5

Hi,

MD5 isn't suitable for two way; it is a one-way protocol, so no decryption.

Mostly it is used to encrypt passwords and do a check on the server if the MD5-encrypted password matches the password in a database.

So you cannot use it this way. Look at the Encryption library for other methods.

Unfortunately, the documentation on this library does not provide very easy-to-use samples; it could be better.

Cheers,
 
Upvote 0

schimanski

Well-Known Member
Licensed User
Longtime User
Thanks for the answer...

I have looked for an encryption and decryption which I can use in b4ppc and b4a, but I only got a consent with md5. OK, I will try more...
 
Upvote 0

schimanski

Well-Known Member
Licensed User
Longtime User
Hello!
I have now tried to make DES in b4a and b4ppc compatible. When I display the key, it is the same, but the encrypted code is always different :confused:

basic4android-code:
B4X:
 Dim Bconv As ByteConverter
...
Sub btnDescbc_Click
  Dim data(0) As Byte
  Dim key(0) As Byte
  Dim iv(0) As Byte
  iv = Array As Byte(11, 22, 33, 44, 55, 66, 77, 88) ' 8 bytes for DES (one block)
   
  Dim kg As KeyGenerator
  Dim c As Cipher
  c.Initialize("DES/CBC/PKCS5Padding")    
  c.InitialisationVector = iv
  kg.Initialize("DES") 
  kg.GenerateKey
  keycode="123456789"
  key= bconv.StringToBytes(keycode,"UTF8")
 
  stringcode = "Teststring"
  data = Bconv.StringToBytes(stringcode, "UTF8")
   
  data = c.Encrypt(data, kg.Key, True)   
  Msgbox(Bconv.HexFromBytes(data), "Encrypted")
   
  data = c.Decrypt(data, kg.Key, True)   
  Msgbox(Bconv.StringFromBytes(data, "UTF8"), "Decrypted")
End Sub


Basic4ppc-Code:
B4X:
  Dim key(8) As Byte 
  Dim code(0) As Byte ' will be assigned by method return
  Dim decode(0) As Byte ' will be assigned by method return
...

Sub App_Start
  DES.New1
  bit.New1 
   
  Des.Mode = 2 
  keycode="123456789"   
  key() = bit.StringToBytes(keycode,0, StrLength(keycode)-1)
  DisplayKey 

  stringcode = "Teststring"
  code() = Des.EncryptString(stringcode)
   
  DisplayCode   
  DisplayDecode
End Sub

Sub DisplayKey
  For i = 0 To ArrayLen(key()) - 1
    str = str & " " & key(i)
  Next
  Msgbox(ArrayLen(key()) & " characters" & CRLF & str, "Key")
End Sub

Sub DisplayCode
  For i = 0 To ArrayLen(Code()) - 1
    str = str & " " & Code(i)
  Next
  Msgbox(ArrayLen(code()) & " characters" & CRLF & str, "Code")
End Sub

Sub DisplayDecode
  str = Des.DecryptString(code())
  Msgbox(StrLength(str) & " characters" & CRLF & str, "Decode")
End Sub

Where is the problem???

Thanks for help...
 
Upvote 0

agraham

Expert
Licensed User
Longtime User
Where is the problem???
Many things, I am afraid. As I have said in other posts, I am happy to provide cryptography tools but I am not going to provide or advise on solutions using them. To use encryption you need to know what you are doing, as security relies upon other considerations than just using an encryption algorithm.

In the B4A version you are using a non-zero Initialisation Vector which you are not in B4P. You have a key variable in the B4A code that you are not in fact using but are actually using a random key. You are specifying Electronic Code Book mode in B4P but Cipher Block Chaining in B4A, and finally you are specifying PKCS5 Padding in B4A whereas the B4P library does not offer padding, which you would need to implement yourself.
 
Upvote 0
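The four mismatches listed in the reply above (key, mode, IV, padding), as an added Python example that is not part of the original thread. `block_encrypt` is a stand-in 8-byte Feistel permutation rather than real DES and `KEY` is a constructed value, so only the comparisons between the outputs are meaningful, not the bytes themselves.

```python
import hashlib
import hmac

BLOCK = 8  # DES block size in bytes; a DES/CBC IV has the same length


def block_encrypt(key, block):
    """Stand-in 8-byte block cipher (4-round Feistel over HMAC-SHA256). NOT DES."""
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def pkcs5_pad(data):
    """PKCS5Padding: append n bytes of value n (a whole block if already aligned)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs5_unpad(data):
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS5 padding")
    return data[:-n]


def encrypt(key, data, mode, iv=bytes(BLOCK)):
    """Encrypt already-padded data in 'ECB' or 'CBC' mode."""
    if mode not in ("ECB", "CBC") or len(data) % BLOCK or len(iv) != BLOCK:
        raise ValueError("need ECB/CBC, block-aligned data and an 8-byte IV")
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        if mode == "CBC":  # chain with the previous ciphertext block (IV first)
            block = bytes(a ^ b for a, b in zip(block, prev))
        prev = block_encrypt(key, block)
        out += prev
    return out


KEY = b"12345678"  # constructed 8-byte key, not a value from the thread
IV = bytes([11, 22, 33, 44, 55, 66, 77, 88])  # the IV in the B4A snippet
PLAIN = pkcs5_pad("Teststring".encode("utf-8"))  # 10 bytes padded to 16
ECB = encrypt(KEY, PLAIN, "ECB")            # what an ECB-mode side produces
CBC_ZERO = encrypt(KEY, PLAIN, "CBC")       # CBC with an all-zero IV
CBC_IV = encrypt(KEY, PLAIN, "CBC", IV)     # CBC with the non-zero IV
OTHER_KEY = encrypt(b"87654321", PLAIN, "CBC", IV)  # same settings, other key
```

With a zero IV the first CBC block equals the ECB block and the outputs diverge from the second block on; any other difference in key, IV or mode changes the ciphertext from the first block.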

schimanski

Well-Known Member
Licensed User
Longtime User
:sign0013: agraham. I have understood that you cannot tell others how to protect their apps.

In the B4A version you are using a non-zero Initialisation Vector which you are not in B4P. You have a key variable in the B4A code that you are not in fact using but are actually using a random key. You are specifying Electronic Code Book mode in B4P but Cipher Block Chaining in B4A, and finally you are specifying PKCS5 Padding in B4A whereas the B4P library does not offer padding, which you would need to implement yourself.

When I read this, I think that I'm far away from finding a solution :)
 
Upvote 0

StuartM

Member
Licensed User
Longtime User
:sign0013: agraham. I have understood that you cannot tell others how to protect their apps.

I don't get this comment... but...

MD5 is a one-way hash. You cannot "reverse" it.

You can, through a brute-force attack, attempt to find a collision. However, any "strong" (for some value of strong) MD5 encryption uses a secret, server-side key (pre- or post-fix) to avoid the many public MD5-lookup databases for things like md5("password") or md5("123456") :)

If you want to protect your apps, make sure that - if you use MD5 - you use a secret salt (key) in addition to whatever your user types in as part of the hash so that the public databases cannot easily crack it.

Cracklib + a 16 byte random prefix would be nice along with a "max 3 wrong passwords per hour" mechanism :)
 
Upvote 0
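The scheme described in this post, a 16-byte random prefix per user plus a limit of three wrong passwords per hour, as an added Python example that is not part of the original thread. `LoginGuard` and its in-memory dictionaries are hypothetical names standing in for a server-side user database.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 3       # "max 3 wrong passwords per hour"
WINDOW_SECONDS = 3600


def unsalted_md5(password):
    """Bare MD5: identical for every user, so public lookup tables index it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest) using a fresh 16-byte random prefix per user."""
    salt = secrets.token_bytes(16) if salt is None else salt
    # MD5 is kept because the thread uses it; hashlib.pbkdf2_hmac or
    # hashlib.scrypt is the usual choice for password storage.
    return salt, hashlib.md5(salt + password.encode("utf-8")).digest()


class LoginGuard:
    """In-memory demo store: salted digests plus recent failure times per user."""

    def __init__(self, clock=time.time):
        self.users, self.failures, self.clock = {}, {}, clock

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def login(self, user, password):
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW_SECONDS]
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            return "locked"          # refuse before even checking the password
        salt, stored = self.users.get(user, (bytes(16), b""))
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            return "ok"
        recent.append(now)
        return "denied"
```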