Page 1 of 1

how to get original string from MD5

Posted: Thu Oct 15, 2009 12:51 pm
by gimpact
Hello,

To make my email verification link more secure, i have performed MD5 before adding email to the url, along with Activation code.

my email verification url looks some thing like this

Code: Select all

$email_mask = md5($email);
http://www.domain.com/activate?sid=$ema ... ation_code
Now in the activation page when i am trying to retrieve email by this

$email = md5($email_mask);

I am getting values which is not the email. Does any one knows where I am going wrong?
Thank you,

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 12:54 pm
by Mirge
If you're trying to "undo" the md5 hash generation, you can't. It's one-way... as in, you can't take an MD5'd variable and restore it to its original value.

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 12:56 pm
by gimpact
dumb. Sad.

so now what? Any idea, how can I hide the email in the verification url?

Thank you,

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 1:08 pm
by Mirge
Use a different method? Store both the original email AND md5'd email in a database... or just generate a unique string for the email, serving as the "activation code" or what have you.

Plenty of ways to go about it I suppose.

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 2:48 pm
by jackpf
Why not just MD5() the field you're checking against in the query? :/

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 3:02 pm
by Eric!
That might get cumbersome to MD5 each original and compare it to the incoming query string to find a match, unless you stored the MD5 string and just compared the incoming query against it. But I think that might be one idea Mirage was suggesting....

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 3:46 pm
by jackpf
You guys do know that mysql has an MD5() function right 8O

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 4:58 pm
by John Cartwright
jackpf wrote:You guys do know that mysql has an MD5() function right 8O
It probably isn't a good idea to check against a dynamically md5'd value in the database, since a full table scan will be required, which can become quite slow on large tables. Best bet is to store an md5'd value in the users row to serve as their activation code.

Re: how to get original string from MD5

Posted: Thu Oct 15, 2009 7:51 pm
by gimpact
Thank you all for the help.

Since md5 is one way thing. so i guess, when i make md5 of emailid, i will store a copy of that email into database. in the activation.php i will get the md5 value which will be some thing like this "sdfhlshfdhnddpowiuerjdf" and search in database column for similar "sdfhlshfdhnddpowiuerjdf" and when a match found, check the activation number.

Re: how to get original string from MD5

Posted: Fri Oct 16, 2009 2:14 am
by daninosanto
well, there is not cross-md5 function in php. but there are sites that decrypt md5 like:

http://md5-decrypter.com/

search on the google about decrypter function in php. Probably someone geek wrote that function in PHP;)

Re: how to get original string from MD5

Posted: Fri Oct 16, 2009 3:48 am
by Mark Baker
daninosanto wrote:well, there is not cross-md5 function in php. but there are sites that decrypt md5 like:
http://md5-decrypter.com/
They don't decrypt md5, because that cannot be done. If they were able to do this, they'd be able to do it 100% of the time.

What they actually do is generate a database table of plaintext values against hash values; and then do a simple lookup to see if the entered hash value exists in their database, returning the corresponding plaintext value. Note that the returned value is not necessarily the only value that might generate the same hash.

Re: how to get original string from MD5

Posted: Sun Oct 25, 2009 12:25 pm
by Eric!
Here's a tool if all you need to do is recover a string.

http://www.insidepro.com/eng/passwordspro.shtml