Reversing MD5
Posted: Wed Jan 07, 2004 7:16 am
by malcolmboston
OK, I wanna say this now: I'm not trying to hack any site! (I don't have the skillz to do that anyway.)
What I want to do is:
1) password in database is MD5'd (not yet, mind)
2) show the user their password in their "MyAccount" section
Any way of reversing it to show its true value?
Posted: Wed Jan 07, 2004 7:17 am
by malcolmboston
Also, can anyone tell me what this means:
"cache control - private"
Is it for no caching by the user, like its HTML equivalent?
Posted: Wed Jan 07, 2004 7:25 am
by vigge89
just so you know, MD5 can't be reversed...
Posted: Wed Jan 07, 2004 7:27 am
by malcolmboston
Hmmmmm, I thought so. I read that somewhere before, just wasn't sure if it was 'reliable'.
Any way that I can get the same sort of thing without storing the password in plain text?
Posted: Wed Jan 07, 2004 7:36 am
by Nay
no, it 'can' be decrypted.
A friend of mine did it before. The only thing he could get to was like 1, 2 or a and b. And even 'that' took a few minutes.
Nothing's impossible.........just not really possible
-Nay
Posted: Wed Jan 07, 2004 7:37 am
by malcolmboston
OK, well, it is rather important to show the user their password. Is there any way I can do it whilst still having an element of security on the site?
Sorry for all the bother.
Posted: Wed Jan 07, 2004 7:39 am
by malcolmboston
Ah, I've just thought of a question that I would really like to know the answer to.
What are the different 'types' of fields in a MySQL database used for, for example VARCHAR (I know that), BLOB, etc.? A link to an explanation would be fantastic.
Re: Reversing MD5
Posted: Wed Jan 07, 2004 8:54 am
by Roja
malcolmboston wrote: OK, I wanna say this now: I'm not trying to hack any site! (I don't have the skillz to do that anyway.)
What I want to do is:
1) password in database is MD5'd (not yet, mind)
2) show the user their password in their "MyAccount" section
Any way of reversing it to show its true value?
You are asking two questions:
Q. Is there a way to reverse an MD5'd password?
A. Yes and no. Yes, you can do so with sufficient computing resources. To give you an idea of what's involved, I'd estimate that for a six character password, you'd need a minimum of a dozen high-end machines running non-stop for a month. Not really feasible. But CAN it be done? Yes.
Q. How can I show the user their password in the MyAccount section?
A. You can't. Instead, give them a confirmation code! When a user signs up, he should pick his own password, but receive a confirmation code via email. Then, if he needs to reset or change his password, he will simply enter that confirmation code, which doesn't need to be encrypted, since it is only available via a confirmed email account.
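The approach described in the post above, sketched as an added example that is not part of the original thread or any poster's code. It assumes Python, swaps the thread's plain MD5 for salted PBKDF2-HMAC-SHA256, and uses hypothetical function names and a dict standing in for the database row.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000  # assumed work factor; raise it as your hardware allows


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' for storage; the password is never stored."""
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash from the login attempt and compare; nothing is reversed."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def new_confirmation_code() -> str:
    """Unguessable code to e-mail to the user, drawn from a CSPRNG."""
    return secrets.token_urlsafe(16)


def reset_password(account: dict, code: str, new_password: str) -> bool:
    """Replace the password hash if the code matches, then rotate the code."""
    if not hmac.compare_digest(code.encode(), account["code"].encode()):
        return False
    account["password"] = hash_password(new_password)
    account["code"] = new_confirmation_code()  # a used code must not work twice
    return True


# Constructed sample account standing in for a database row.
account = {"user": "example_user", "password": hash_password("correct horse"),
           "code": new_confirmation_code()}
```

The "MyAccount" page then offers a password change form instead of displaying the password, since the stored value cannot be turned back into it.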
Posted: Wed Jan 07, 2004 8:57 am
by malcolmboston
OK kool, well, funnily enough that's what I'm already doing.
Currently I'm relaying all of the information on the person's profile that I have stored in the database back to them. Because the other info isn't MD5'd, I was just wondering about the password, as I don't really want to store it in plain text and it's not vital that they can see it, so I guess I can make do with the code I've already written.
Thanks anyway
Posted: Wed Jan 07, 2004 9:05 am
by JayBird
malcolmboston wrote: Ah, I've just thought of a question that I would really like to know the answer to.
What are the different 'types' of fields in a MySQL database used for, for example VARCHAR (I know that), BLOB, etc.? A link to an explanation would be fantastic.
have a look here
http://kimbriggs.onza.net/Computers/Not ... types.html
Mark
Posted: Wed Jan 07, 2004 9:06 am
by malcolmboston
god bech
I love you, so helpful
and btw I did RTFM, and it says nothing about this
thanks
Posted: Wed Jan 07, 2004 9:07 am
by JayBird
Did you read the MySQL manual at www.mysql.com?
Mark
Posted: Wed Jan 07, 2004 9:09 am
by malcolmboston
Well, I downloaded the manual approx a month ago and couldn't find it, and the standard readme instruction file that I got didn't list it either.
Posted: Wed Jan 07, 2004 9:14 am
by JayBird
To be honest, I don't like the MySQL site, not very easy to read IMHO
Posted: Wed Jan 07, 2004 9:15 am
by malcolmboston
The manual ain't much better, I'll tell ya
