Reversing MD5
Moderator: General Moderators
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
Reversing MD5
ok i wanna say this now, im not trying to hack any site! (i dont have the skillz to do that anyway)
what i want to do is:
1) password in database is MD5'd (not yet mind)
2) show the user there password in there "MyAccount" section
anyway of reversing it to show its true value?
what i want to do is:
1) password in database is MD5'd (not yet mind)
2) show the user there password in there "MyAccount" section
anyway of reversing it to show its true value?
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
Re: Reversing MD5
You are asking two questions:malcolmboston wrote:ok i wanna say this now, im not trying to hack any site! (i dont have the skillz to do that anyway)
what i want to do is:
1) password in database is MD5'd (not yet mind)
2) show the user there password in there "MyAccount" section
anyway of reversing it to show its true value?
Q. Is there a way to reverse an md5'd password
A. Yes and no. Yes, you can do so with sufficient computing resources. To give you an idea of whats involved, I'd estimate that for a six character password, you'd need a minimum of a dozen high-end machines running non-stop for a month. Not really feasible. But CAN it be done? Yes.
Q. How can I show the user their password in the MyAccount section?
A. You can't. Instead, give them a confirmation code! When a user signs up, he should pick his own password, but receive a confirmation code via email. Then, if he needs to reset or change his password, he will simply enter that confirmation code - which doesnt need to be encrypted, since it is only available via a confirmed email account.
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
ok kool, well funnily enough thats what im already doing
currently im relaying all of the information on the persons profile that i have stored in the database back to them, because the other info isnt MD5'd was just wondering about the password as i dont really want to store it plain text and its not vital that they can see it, so i guess i can make do with the code ive already written
Thanks Anyway
currently im relaying all of the information on the persons profile that i have stored in the database back to them, because the other info isnt MD5'd was just wondering about the password as i dont really want to store it plain text and its not vital that they can see it, so i guess i can make do with the code ive already written
Thanks Anyway
have a look here http://kimbriggs.onza.net/Computers/Not ... types.htmlmalcolmboston wrote:ah ive just thought of a question that i would really like to know
what are the different 'types' of fields in a mysql database used for for example VARCHAR(i know that) BLOB etc a link to an explanation would be fantastic
Mark
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK