Hello,
I have a question if you encrypted a pass with md5 can you get it back to the normal value? Because i'm working on a Lost Your Password system so when users fill in their email they receive their pass.
Cheers
Kris
Decrypt MD5
Moderator: General Moderators
- artexercise
- Forum Commoner
- Posts: 33
- Joined: Thu Nov 20, 2003 9:38 am
- Location: Raleigh, NC
-
JPlush76
- Forum Regular
- Posts: 819
- Joined: Thu Aug 01, 2002 5:42 pm
- Location: Los Angeles, CA
- Contact:
Passwords using MD5 are decrypted pretty easily with a program like john the ripper and a dictionary tool.
You should always salt your passwords IE
$secretpasskey = '5SoMeThINg5eCREt7'; (keep this in a file out of the root directory)
MD5 (thestring.$secretpasskey)
so that it will make it a little less accesible to script kiddies. They usually give up if a program doesn't do it for em.
You should always salt your passwords IE
$secretpasskey = '5SoMeThINg5eCREt7'; (keep this in a file out of the root directory)
MD5 (thestring.$secretpasskey)
so that it will make it a little less accesible to script kiddies. They usually give up if a program doesn't do it for em.
just to be a smartass I have to add that md5 is not an encryption method. it is a hashing algorithm. The point of it is that there are no 2 strings that generate the same hash.
However, cracking it by brute force is not that difficult, but still it depends on the sice of the hash. using a 128 bit hash I don't think any scriptkiddie with access to a program would break it, just because they (normally) don't have the computer power to do so.
cheers,
//cybaf
However, cracking it by brute force is not that difficult, but still it depends on the sice of the hash. using a 128 bit hash I don't think any scriptkiddie with access to a program would break it, just because they (normally) don't have the computer power to do so.
cheers,
//cybaf