Thing is Harlan, for the sake of arguement, lets using banking as the example.
If you knew it was a hashed sort code with no dashes, you could fire up a bruteforcer, limiting it only to digits. I just did that as an example, and the output correctly gives me the six digit sort code I md5'ed (in less than a second). Obviously with a larger set of characters and/or length of phrase you'll run into time constraints. But just saying it's 1 way is perhaps simplistic, even if that how it was designed.
Rich,
Thing is Harlan, for the sake of arguement, lets using banking as the example.
If you knew it was a hashed sort code with no dashes, you could fire up a bruteforcer, limiting it only to digits. I just did that as an example, and the output correctly gives me the six digit sort code I md5'ed (in less than a second). Obviously with a larger set of characters and/or length of phrase you'll run into time constraints. But just saying it's 1 way is perhaps simplistic, even if that how it was designed.
Brute forcing a hash isn't the same thing as decrypting.
Your example is a good illustration of brute force techniques, however it doesn't really do much to address the technical aspects (I'm not going to discuss the moral, ethic, or legal) of the original question.
Perhaps this is more of an issue of specificity of language, something I think the DFIR community suffers from greatly. If the OP asks to have hashes "decrypted", do we address the question as posed (which I and others have attempted to do) or do we address the question from the perspective of what we think the OP really meant?
Agreed/indeed terminology wise, I went for the intention rather than the exact wording (i'd like to think of it as a good habit from dealing with clients/lawyers/etc, save yourself time in the end).
I think most of us are beating around the bush, as the reasons for asking probably are more likely to be nefarious than nice 😉