Page 1 of 1

A simple Q. about MD5

Posted: Tue Jul 30, 2002 2:18 am
by kaily
Hi,
Is it possible to "unMD5" a srting?
for example:
$password=md5('123')
// $password will be "202cb962ac59075b964b07152d234b70"
So,is it possible to know $password is "123" by "unMD5" the string "202cb962ac59075b964b07152d234b70"??
:oops: Sorry for my english!

Posted: Tue Jul 30, 2002 3:08 am
by haagen
I don't think there's a way to unmd5 a md5 string. So if you store your passwords as md5 strings, then nobody can streal them and unmd5 them.

So when you make your password check rutine you'll have to compare the two strings after passing through md5. Ok?

Code: Select all

$userpasswd;  // Password provided by user
$dbpassword; // Password in database, as md5 checksum.

if($dbpassword == md5($userpass){
  // Wheee, we had the right pass.
} else {
  // Sorry, no access here.
}
This is how unix make it. You can't check what a user password is. It's a oneway crypto algorithm.

Posted: Tue Jul 30, 2002 5:14 am
by hob_goblin
md5 is a one way encryption. there was a post about this a couple days ago.

Posted: Tue Jul 30, 2002 3:09 pm
by daemorhedron
I don't know how it got this label, but md5 is not actually encryption, it's a simple checksum to verify data. That's why it's only a one way algorithm. Look into libs such as mcrypt or openssl to get two way (encrypt/decrypt) encyption.

md5's homepage : http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

HTH.

Posted: Tue Jul 30, 2002 5:23 pm
by volka
you loose data on md5. It would be amazing to keep all information of a 5GB file in a 32-digit-number :D
The 'only' purpose of md5 is to guarantee that even a small change in the source (how big the source may be) will result in a change of the md5-checksum

Posted: Tue Jul 30, 2002 9:14 pm
by hob_goblin
yes, if i could store a gig of mp3s in a 32 character string, i'd just set up notepad and make a .5k file :p