Reversing MD5

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Reversing MD5

Post by malcolmboston »

ok i wanna say this now, im not trying to hack any site! (i dont have the skillz to do that anyway)

what i want to do is:


1) password in database is MD5'd (not yet mind)
2) show the user there password in there "MyAccount" section

anyway of reversing it to show its true value?
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

also can anyone tell me what this means

"cache control - private"

is it for no cache'ing by the user?, like its HTML equivalent?
User avatar
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

just so you know, MD5 can't be reversed...
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

hmmmmm, i thought so, i read that somewhere before just wasnt sure if it was 'reliable'

anyway that i can get the same sort of thing without storing the password plain text?
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

no, it 'can' be decrypted.

A friend of mine did it before. The only thing he could get to was like 1 2 or a and b. And even 'that' it took a few minutes.

Nothing's impossible.........just not really possible ;)

-Nay
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

ok, well it is rather important to show the user there password is there anyway i can do it whilst still having an element of security on the site?

sorry for all the bother
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

ah ive just thought of a question that i would really like to know

what are the different 'types' of fields in a mysql database used for for example VARCHAR(i know that) BLOB etc a link to an explanation would be fantastic
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Reversing MD5

Post by Roja »

malcolmboston wrote:ok i wanna say this now, im not trying to hack any site! (i dont have the skillz to do that anyway)

what i want to do is:


1) password in database is MD5'd (not yet mind)
2) show the user there password in there "MyAccount" section

anyway of reversing it to show its true value?
You are asking two questions:

Q. Is there a way to reverse an md5'd password

A. Yes and no. Yes, you can do so with sufficient computing resources. To give you an idea of whats involved, I'd estimate that for a six character password, you'd need a minimum of a dozen high-end machines running non-stop for a month. Not really feasible. But CAN it be done? Yes.

Q. How can I show the user their password in the MyAccount section?

A. You can't. Instead, give them a confirmation code! When a user signs up, he should pick his own password, but receive a confirmation code via email. Then, if he needs to reset or change his password, he will simply enter that confirmation code - which doesnt need to be encrypted, since it is only available via a confirmed email account.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

ok kool, well funnily enough thats what im already doing

currently im relaying all of the information on the persons profile that i have stored in the database back to them, because the other info isnt MD5'd was just wondering about the password as i dont really want to store it plain text and its not vital that they can see it, so i guess i can make do with the code ive already written

Thanks Anyway
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

malcolmboston wrote:ah ive just thought of a question that i would really like to know

what are the different 'types' of fields in a mysql database used for for example VARCHAR(i know that) BLOB etc a link to an explanation would be fantastic
have a look here http://kimbriggs.onza.net/Computers/Not ... types.html

Mark
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

god bech

i love you, so helpful

and btw i did RTFM, and it says nothing about this

thanks
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

did you read the MySQL manual at www mysql.com?

Mark
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

well i downloaded the manual approx a month ago and couldnt find it, and the standard readme instruction file that i got didnt list either
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

to be honest, i don't like the MySQL site, not very easy to read IMHO
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

the manual aint much better, ill tell ya :wink:
Post Reply