Reputation: 21
MD5 Hash Brute Force java
I am having some trouble creating a brute force java code for a class assignment. The professor is not much help I was hoping someone could lend me a hand or give some tips. The professor supplied two methods md5_bytes and mini_md5_bytes. The mini bytes is used to decode 24 bits instead of the full hash. I have tried to go about it on my own and I have hit a wall. The random string generator was my attempt at trying to use random strings to eventually find the hash for the preselected word s. I appreciate the help.
public class BruteForce {
static int num_bytes=24;
static String rand = "";
static String s = "aefbcefacefeacaecefc";
static byte[] random = null;
static byte[] md = null;
public static void main(String[] args) throws Exception{
md = mini_md5_bytes(s, num_bytes);
if(s.equalsIgnoreCase(rand)){
System.out.println(rand);
}
else{
rand = brute(md, s);
}
}
public static byte[] mini_md5_bytes(String s, int num_bytes){
byte[] md = md5_bytes(s);
return Arrays.copyOf(md,num_bytes);
}
public static byte[] md5_bytes(String s){
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
md.update(s.getBytes());
return md.digest();
} catch( java.security.NoSuchAlgorithmException e) {
return null;
}
}
public static String brute(byte[] md, String s) throws Exception{
while(!s.equalsIgnoreCase(rand)){
rand = RandomStringGenerator.generateRandomString(20,RandomStringGenerator.Mode.ALPHA);
byte[] random = mini_md5_bytes(rand, num_bytes);
if((Arrays.equals(random, md))){
rand = s;
return rand;
}
}
return null;
}
}
Upvotes: 0
Views: 2044
Answers (1)
Reputation: 17751
Whilst MD5 is no longer considered safe for crypto, that does not imply that MD5 is easy to brute force.
As others have suggested in comments, don't try random strings (especially because generation of random numbers is slow). Brute force is about trying all combinations until a match is found.
Also, by reading your mini_md5_bytes() it seems that you don't want to find two strings with exactly the same MD5 hash, but just with the same MD5 "prefix".
If that's the case, then use a small number for num_bytes. Maybe start with 1 or 2 and then increase the number until your tool becomes too slow. By the way, note that you're using num_bytes=24, i.e. 192 bits, while MD5 produces just 128 bits.
Also, why are you using s.equalsIgnoreCase(rand)? If you want to brute force an MD5 hash, then you should not care about the input string s. That string should not even be an input! If s were an input, you could use rand = s and you would be done. Your aim is to find a hash collision, not to find the original string.
This is the correct signature for your brute() function:
public static String brute(byte[] md) throws Exception
and this is the correct condition for the while-loop:
while(!Arrays.equals(random, md))
Upvotes: 1
Related Questions
- How to generate an MD5 checksum of a file?
- fastest MD5 Implementation in JavaScript
- Get the MD5 hash of big files in Python
- How to get MD5 sum of a string using python?
- Getting a File's MD5 Checksum in Java
- How can I generate an MD5 hash in Java?
- Calculate MD5 checksum for a file
- Calculate a MD5 hash from a string
- Problems with reproducing the same HMAC MD5 on Java and C