Einzige "Möglichkeit": Brute-force, wenn du einen Hashwert hast, kannst du alle möglichen Passwörter (Wörterbücher etc) md5'en und schauen ob der Hash stimmt... benötigt jedoch sehr grosse Rechenressourcen.
Wikipedia meint dazu:
QUOTE
Security
MD5 has been widely used, and was originally thought to be cryptographically secure. However, research has uncovered weaknesses which make further use of MD5 questionable. On 17 August 2004, collisions for MD5 were announced by Xiaoyun Wang, Dengguo Fen, Xuejia Lai and Hongbo Yu [1] (http://eprint.iacr.org/2004/199.pdf). Their attack was reported to take only one hour on an IBM P690 cluster.
Note that Wang et al's attack is a collision attack and not a preimage attack.
While Wang et al's attack was analytical, the size of the hash — 128 bits — is small enough to contemplate a brute force birthday attack. MD5CRK was a distributed project started in March 2004 with the aim of demonstrating that MD5 is insecure by finding a collision using a brute force attack, although it was ended shortly after Wang et al's announcement.
Because of the discovery of an easy method for generating collisions, many researchers recommend that replacement algorithms, such as SHA-1 or RIPEMD-160, be used instead of MD5
Gruss Feuillet