Decrypt MD5

wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium

Decrypt MD5

Post by wizzard »

Hello,

I have a question: if you encrypted a pass with md5, can you get it back to the normal value? Because I'm working on a Lost Your Password system so when users fill in their email they receive their pass.


Cheers
Kris
artexercise
Forum Commoner
Posts: 33
Joined: Thu Nov 20, 2003 9:38 am
Location: Raleigh, NC

Post by artexercise »

If I remember reading correctly, MD5 does not decrypt. If someone forgot their password then reset it and send them a random password to get back into the system and change it to whatever.

Decrypting MD5 would be a security hazard.

JOE--
wizzard
Forum Commoner
Posts: 93
Joined: Thu May 16, 2002 5:36 am
Location: Belgium

Post by wizzard »

Ok thanks for the info :)
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA

Post by JPlush76 »

Passwords using MD5 are decrypted pretty easily with a program like John the Ripper and a dictionary tool.



You should always salt your passwords, i.e.
$secretpasskey = '5SoMeThINg5eCREt7'; // keep this in a file out of the root directory

md5($thestring . $secretpasskey);

so that it will make it a little less accessible to script kiddies. They usually give up if a program doesn't do it for em.
cybaf
Forum Commoner
Posts: 89
Joined: Tue Oct 01, 2002 5:28 am
Location: Gothenburg Sweden

Post by cybaf »

Just to be a smartass I have to add that md5 is not an encryption method. It is a hashing algorithm. The point of it is that there are no 2 strings that generate the same hash. :)

However, cracking it by brute force is not that difficult, but still it depends on the size of the hash. Using a 128 bit hash I don't think any scriptkiddie with access to a program would break it, just because they (normally) don't have the computer power to do so.

cheers,
//cybaf
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA

Post by JPlush76 »

Actually the MD5 hash prints out the EXACT same hash every single time.

MD5('dog') 5 times

c935d187f0b998ef720390f85014ed1e
c935d187f0b998ef720390f85014ed1e
c935d187f0b998ef720390f85014ed1e
c935d187f0b998ef720390f85014ed1e
c935d187f0b998ef720390f85014ed1e
RFairey
Forum Commoner
Posts: 52
Joined: Fri Jun 06, 2003 5:23 pm

Post by RFairey »

By saying that no two strings generate the same hash he means that no other string shorter than 32 chars is going to hash to the same as 'dog'.
cybaf
Forum Commoner
Posts: 89
Joined: Tue Oct 01, 2002 5:28 am
Location: Gothenburg Sweden

Post by cybaf »

Thanks RFairey...:)

Maybe I should have clarified: There are no 2 different strings that generate the same hash.
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA

Post by JPlush76 »

cool, we're all on the same page then :)
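
Added example (not part of any post in this thread): the approach discussed above in PHP, where the stored value is never reversed and a lost password is handled by a reset. It swaps in password_hash(), which generates a random per-user salt, for md5() with a shared secret key, and mails a one-time reset token instead of a new password; the in-memory $users array, the function names, the sample address and the one-hour lifetime are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example. $users is a constructed in-memory stand-in for a users table.

/** Store a password: password_hash() embeds a random per-user salt in its output. */
function store_password(array &$users, string $email, string $password): void
{
    $users[$email]['hash'] = password_hash($password, PASSWORD_DEFAULT);
}

/** Start a reset: return a one-time token to e-mail; keep only its hash and an expiry. */
function begin_reset(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // caller shows the same message whether or not the account exists
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $users[$email]['reset_hash'] = hash('sha256', $token);
    $users[$email]['reset_expires'] = $now + 3600; // assumed one-hour lifetime
    return $token;
}

/** Finish a reset: compare in constant time, set the new password, discard the token. */
function finish_reset(array &$users, string $email, string $token, string $newPassword, int $now): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || !isset($u['reset_hash']) || $now > $u['reset_expires']) {
        return false;
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    store_password($users, $email, $newPassword);
    unset($users[$email]['reset_hash'], $users[$email]['reset_expires']);
    return true;
}

// Constructed walk-through of the flow.
$users = [];
store_password($users, 'kris@example.com', 'old-password');
$token = begin_reset($users, 'kris@example.com', time());
var_dump(finish_reset($users, 'kris@example.com', 'wrong-token', 'new-password', time())); // wrong token
var_dump(finish_reset($users, 'kris@example.com', $token, 'new-password', time()));        // correct token
var_dump(password_verify('new-password', $users['kris@example.com']['hash']));             // login check
var_dump(finish_reset($users, 'kris@example.com', $token, 'again', time()));               // token replayed
```

Only hashes are kept on the server side, so a copy of the table gives neither a usable password nor a usable reset token.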