Once upon a time, I read Chris Shiflett’s Essential PHP Security and learned about the Rednoize MD5 database. This got me excited, so I decided to have some fun with it and created a tool that would scrape data from several different MD5 databases to reverse any MD5 hash you entered. If it found a match, it would display the pre-hashed value of the MD5 string. I even blogged about it.
Of course, it wasn’t really reversing anything. Rather, it used databases of pre-computed values, and if it found the MD5 hash in the database, it returned the value that had been pre-computed. This approach is very effective for a brute-force dictionary attack. For example, if your password is a common word or phrase, it’s probably already in one of these databases, and therefore, any unsalted MD5 hash of it could easily be reversed using this tool.
I didn’t create the tool for malicious purposes such as stealing or reversing anyone’s passwords, though. On the contrary, I wanted to educate others on how important it is to choose good passphrases and for developers to use a salt when hashing sensitive data.
The tool originally lived at md5.benramsey.com, and then I moved it to tools.benramsey.com/md5. Over time, though, the code became outdated, and many of the external databases it used went offline. Thus, I decided to take it down, and I leave this page as a memorial to that project.