md5 is hash, u cant decrypt it. 128 bytes is 340,282,366,920,938,463,463,374,607,431,768,211,456 combinations. Ofc collisions are possible by obvious reason - u got infinite words but "only" 2^128 hashes. I was lookin in google, there are already about 20kk encrypted passwords, so we got like... 10^(-31) = 0.0000000000000000000000000000000001% of the combos :)
Good luck
Its easy to check but i dont know exact login procedure, i dont also know if hash is generated by our client >sent to gameserver, or client sends clear password >sends to serv and then GS generates the hash to comapre with sql data. In 1st case u could simply send hash, but on the 2nd - no way
Hope it was informative