A simple Q. about MD5

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kaily
Forum Newbie
Posts: 12
Joined: Fri Jul 05, 2002 12:17 pm

A simple Q. about MD5

Post by kaily »

Hi,
Is it possible to "unMD5" a srting?
for example:
$password=md5('123')
// $password will be "202cb962ac59075b964b07152d234b70"
So,is it possible to know $password is "123" by "unMD5" the string "202cb962ac59075b964b07152d234b70"??
:oops: Sorry for my english!
User avatar
haagen
Forum Commoner
Posts: 79
Joined: Thu Jul 11, 2002 3:57 pm
Location: Sweden, Lund

Post by haagen »

I don't think there's a way to unmd5 a md5 string. So if you store your passwords as md5 strings, then nobody can streal them and unmd5 them.

So when you make your password check rutine you'll have to compare the two strings after passing through md5. Ok?

Code: Select all

$userpasswd;  // Password provided by user
$dbpassword; // Password in database, as md5 checksum.

if($dbpassword == md5($userpass){
  // Wheee, we had the right pass.
} else {
  // Sorry, no access here.
}
This is how unix make it. You can't check what a user password is. It's a oneway crypto algorithm.
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

md5 is a one way encryption. there was a post about this a couple days ago.
daemorhedron
Forum Commoner
Posts: 52
Joined: Tue Jul 23, 2002 11:03 am

Post by daemorhedron »

I don't know how it got this label, but md5 is not actually encryption, it's a simple checksum to verify data. That's why it's only a one way algorithm. Look into libs such as mcrypt or openssl to get two way (encrypt/decrypt) encyption.

md5's homepage : http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

HTH.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you loose data on md5. It would be amazing to keep all information of a 5GB file in a 32-digit-number :D
The 'only' purpose of md5 is to guarantee that even a small change in the source (how big the source may be) will result in a change of the md5-checksum
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

yes, if i could store a gig of mp3s in a 32 character string, i'd just set up notepad and make a .5k file :p
Post Reply